Motorola Tablet Goof: 4 Security Lessons For Users
Motorola accidentally shipped 100 refurbished tablets with old customer data still intact. Here's what you can do to ensure your information isn't sold by mistake.
Motorola alerted customers on Friday that it shipped about 100 refurbished Xoom tablets that were not completely cleared of the original owner's data prior to resale. The tablets were sold between October and December of 2011 through Woot.com. Oops.
According to Motorola, some of the compromised data potentially includes user names and passwords for email and social media accounts, as well as other password-protected sites and applications, and possibly even photographs and documents.
More Security Insights
- 2012 IBM X-Force Annual Trend and Risk Report
- Intelligent Role Management for Improved Security and Compliance
Though only 100 tablets were affected, Motorola is taking some pains to right this wrong.
[ Motorola's goof pales in comparison to these industry missteps. See 12 Epic Tech Fails Of 2011 . ]
First, Motorola is offering customers who purchased a Motorola Xoom Wi-Fi tablet between March and October 2011--and then returned it--a complimentary two-year membership of Experian's ProtectMyID Alert to mitigate any risks. Experian provides access to consumer credit data, and can be used as a tool to make sure the accidentally shared data is not put to nefarious use. The Xoom was available from a number of retailers during that period, including Amazon.com, Best Buy, BJ's Wholesale, eBay, Office Max, Radio Shack, Sam's Club, Staples, and others. If you bought one from the aforementioned retailers and returned it, best give Motorola (and Experian) a call.
Second, Motorola wants the not-completely-wiped Xoom tablets back. Motorola is asking those who purchased refurbished Xoom's from Woot.com between October and December 2011 to contact Motorola to see if it is among those affected. (Visit motorola.com/xoomreturn or call 1-800-734-5870 and select option 1.)
"Motorola sincerely regrets and apologizes for any inconvenience this situation has caused the affected customers," the company said in a statement. "Motorola is committed to rigorous data protection practices in order to protect its customers, and will continue to take the necessary steps to achieve this objective."
This type of thing shouldn't happen, but it did. Motorola appears to be doing the right thing. Kudos to its team for getting the word out there and looking to protect the security of its customers. Of course, it would have been nice if Motorola noticed this whole foul-up a little sooner, as some of the affected devices have been in circulation for four or more months.
This could have been prevented by the users, however. Here's how:
1. Factory reset. Every Android device can be returned to factory condition via the privacy tools. It's pretty easy to do. I do it every time I send a review unit back to the manufacturer. This removes all the account data from all the apps, removes user-downloaded apps, and returns the device's software to an "as-new" condition. It is in a slightly different spot on most Android devices, but is often located in: Settings -> Privacy -> Factory Data Reset.
2. Erase the memory card. This can be easy to forget. There's a little check box in the factory reset process (but only some of the time) that asks if you want to erase the memory card, too. Make sure you check it. That way, apps that you've moved to the memory card--as well as photos, music files, documents, etc.--are erased. Better yet, pull the memory card out, stick it into a computer and reformat it. Better still, just take the memory card out altogether and keep it.
3. Change passwords often. If user data is somehow mysteriously intact after both users and the manufacturer refreshes a device, another tool to help keep yourself protected is to change up your password. For example, I change my Google Account password every month. This way, even if someone gets an old device of mine, they probably won't be able to access my key information.
4. Encrypt your device. Not all devices offer encryption, but Motorola tablets definitely do. Encrypting the device is available through the security settings. The belief is that even if you reset an encrypted device to factory conditions, any user data left on the device would be so jumbled as to be unusable.
InformationWeek is surveying IT executives on global IT strategies. Upon completion of our survey, you will be eligible to enter a drawing to receive an Apple 16-GB iPad 2. Take our 2012 Global CIO Survey now. Survey ends Feb. 7.