Recovery Of Disk Contains Sensitive Material
Recovery of Disk Contains Sensitive Material
Overview of the Vulnerability
The device's storage medium fails to adequately delete data when a factory reset is performed due to a flaw in the process. An attacker with access to the storage medium post-reset can recover and exploit the sensitive information.
Business Impact
The incomplete deletion of sensitive data during a factory reset poses a substantial risk of data breaches. If exploited, this vulnerability can lead to the unauthorized disclosure of confidential information, undermining customer trust and violating privacy regulations. The consequent legal, financial, and reputational damages can significantly impact the organization's standing and operations.
Steps to Reproduce
Perform a factory reset on the device to initiate the data removal process.
Access the storage medium of the device after the reset.
Use {{tool}} to retrieve previously stored sensitive information.
Proof of Concept (PoC)
The following screenshot(s) demonstrate(s) this vulnerability:
{{screenshot}}
Guidance
Provide a step-by-step walkthrough with screenshots on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).
Recommendation(s)
It is recommended to implement robust deletion functions which not only reference to the data, but write over the existing data to prevent digital forensic methods of recovery.
Last updated