IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Tesco Hudl found to retain data even after factory reset

Tesco Hudl tablets have been linked to a security risk, with potentially sensitive data remaining even after factory reset


Sensitive data stored on Android devices such as the Tesco Hudl can still be accessed even if a user has carried out a factory reset, an investigation by the BBC has found.

Three separate tests on various Android tablets concluded that data is not necessarily removed even after users have chosen the factory reset option, with some tests resulting in just the list of locations being deleted and nothing else. A secure wipe removes the index as well as onboard memory, preventing it from being recovered by anyone else.

based devices were purchased from selling site eBay as part of the investigation. Security expert Ken Munro, who worked with the BBC to test the results for themselves, found the Tesco Hudl tablet to be particularly vulnerable to attacks.

He said: "There's a flaw in the firmware, which allows you to read from it as well as write."

The flaw leaves potentially sensitive information on devices, which can then be passed on to others when the device is lost, stolen or sold.

During the experiments, Munro could read and analyse data as well as extracting PIN codes, Wi-Fi keys, cookies and other browsing data. This meant that he could sign in to websites, accessing private information relating to the tablet's original owner.

Sven Boddington, vice president of global marketing and client solutions at Teleplan, added: "To say its worrying to find tablet devices are being sold with data still on them is an understatement.

"As consumers, we are becoming increasingly reliant on our mobile devices, from basic communications, social media, to mobile banking and payment transactions, and therefore the data they carry is more and more sensitive."

It is expected that new Android releases will feature automatically enabled encryption, rather than as an option as it is now.

A spokesperson for Tesco responded to the worrisome findings, saying: "Customers should always ensure all personal information is removed prior to giving away or selling any mobile device. To guarantee this, customers should use a data wipe program.

"If you sell or dispose of your device, we recommend you enable encryption on your device and apply a factory reset beforehand."

The spokesperson also assured customers that, if they return the tablets to Tesco, all data will be securely wiped from them.

"Businesses that process mobile devices such as smartphone and tablets for use as second hand products have a responsibility to the sellers, and buyers of these devices to ensure that the proper security procedures are applied so that personal data is thoroughly and permanently destroyed," Boddington added.

Tesco came under scrutiny earlier this year when the personal details including email addresses and passwords of 2,239 Tesco Clubcard users were leaked and published on Pastebin.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022