A new investigation from the consumer advocacy organization Which? revealed that 3 in 10 second-hand smartphones are vulnerable to being hacked as they are no longer supported by security updates from the manufacturer, leaving the future owners open to potential cyber risks. If your phone is not running on the latest version of its software, your device security and data privacy may be at risk, Which? said.
The investigation centered around three pre-owned mobile phone retailers, SmartFoneStore, Music Magpie, and CeX. Almost a third (31%) of the phones at CeX could be vulnerable. A fifth (20%) of the phone models found on Music Magpie and one in six (17%) on SmartFoneStore are also exposed to cyberthreats.
According to Which?, some of the phones being resold without security updates include Apple iPhone 5, Huawei P10, Google Pixel XL, Samsung A8 Plus, and the Samsung Galaxy S7. In the wake of the Which? investigation, Music Magpie has removed the unsupported devices from its platform. SmartFoneStore also issued an update, adding a warning on unsupported devices so consumers are aware before they buy them.
Other findings from the investigation include:
- Around 62% said they think a mobile phone is broken down for parts when it is sent for recycling, but Which? investigation found most phones are actually resold.
- Music Magpie told Which? it refurbishes 95% of the products it receives from consumers, all of which are resold in the U.K. It sells more than 250,000 phones a year.
- CeX said the majority of phones are resold in the U.K. – it sold approximately one million phones in 2019.
- SmartFoneStore, which sources phones from businesses and retailers, told Which? it sells around 2,000 per month.
“Out-of-support devices might not immediately have problems, but without security updates, the risk to the user of being hacked is increased. The lack of robust, sustainable solutions for the disposal of mobile phones is an ongoing concern. With effective options in place to resell pre-owned devices, the potential is there to prolong their lifespans – but until manufacturers offer complete transparency about how long devices will be supported, and those offering only a couple of years of support do better, it is more difficult to take advantage of these services without putting consumers at risk,” Which? said in its analysis.
Kate Bevan, Which? Computing editor, said, “Keeping mobile phones in circulation for longer is better for the environment but it shouldn’t come at the cost of customer security. Unless manufacturers become more transparent, and those offering vital updates for only a couple of years do better, there is a risk that second-hand phones will be vulnerable to hackers or end up dumped in a landfill site. If your mobile phone is no longer receiving security updates you should consider upgrading as soon as possible. While you continue to use an out-of-support device, you must take steps to mitigate the risks – including using mobile antivirus software, managing app permissions and only downloading from official stores.”
