The Google Android-powered Tesco Hudl tablet has a data reset flaw in which the factory reset option doesn't do a good job deleting information, according to security specialists. There is concern that many Tesco tablets end up on eBay, and despite having broken screens, weren't wiped of onboard data.
Researchers were also able to discover PIN codes to unlock the tablets, with Wi-Fi keys, cookies and Web browsing data from original owners discovered.
"The factory data reset doesn't appear to zero all sectors on the disc; it's simply too quick a reset process to do so," said Ken Munro, a Pen Test Partners security expert, in a statement to The Register. "So then we bought a few Tesco refurbished Hudls from the Tesco Outlet Store on eBay. Whilst two of them had been correctly zeroed using a wiping product, one was not. From this we recovered some of the previous owners personal data, again including social media and mail profiles."
Meanwhile, Tesco said any tablets returned to the store would undergo mandatory personal data deletion, but still recommended users download a third-party data wipe tool.