What Is E-Waste Hacking?

Electronic waste — better known as e-waste — has been a massive problem for years. However, most people have never even heard of the term. Unfortunately, whether they realize it or not, it impacts them directly. How does e-waste hacking put you at risk?

The Overlooked Problem With E-Waste

Most people don’t think twice about what happens to their electronics when they throw them away or trade them in. In almost every case, their old devices become e-waste. Common examples include phones, computers, printers, monitors, smart devices and wearables.

Almost all electronics contain materials like nickel, flame retardants, and cadmium that either are or can become hazardous if disposed of improperly. For example, lithium-ion batteries can produce noxious smoke if damaged and toxic liquid if exposed to water. In landfills, these devices poison the air, waterways, and soil by leeching heavy metals and poisonous chemicals.

Since e-waste is a relatively new problem, it remains largely unaddressed. Today, it accounts for roughly 70% of the toxic waste in U.S. landfills. Only a fraction is ever formally recycled, leaving the rest to pollute local environments for thousands of years until they naturally break down.

While there’s no breakdown of where the country’s e-waste comes from, the consumer electronics sector is likely responsible for most of it. People have been buying more than ever in recent years — computer purchases surged by 34% during the COVID-19 pandemic — suggesting they’ve been throwing away more than ever.

The main focus of e-waste is its environmental risks, for good reason. However, that’s not its only problem. Many people don’t realize they’re essentially handing all their device’s data directly to a cybercriminal when they dispose of it improperly.

E-waste hacking is becoming increasingly profitable for cybercriminals as people toss more electronics every year. Unfortunately, buying something new is often cheaper than having something repaired. Once a device leaves the owner’s hands and lands in the trash, it’s forfeit — along with every shred of personally identifiable information (PII) and sensitive data it ever stored.

What E-Waste Hacking Looks Like

While e-waste hacking sounds futuristic, it’s concerningly simplistic. Once an electronic device is thrown away or given to a third party for disposal, it often ends up in a landfill. At some point along the journey, people pick through the waste for hard drives to recover data. They either misuse it themselves or sell it to a third party for a profit.

There’s 100 times more gold in one ton of smartphones than in one ton of gold ore. Thus, urban mining — extracting usable material like copper, glass, aluminum or gold from discarded electronics — is becoming popular in places like Ghana, China and India.

How does e-waste hacking work? Usually, cybercriminals can pry out a device’s physical drives and recover the data from them, as many people forget to wipe or destroy those. While they might have to use specialized tools to bypass security measures, they often only have to plug it in to retrieve sensitive information.

Back in 2009, a group of journalism students from the University of British Columbia bought a $40 hard drive at an open-air market in Ghana for an international reporting course. Once they plugged it in, a multi-million dollar U.S. defense contract between the Pentagon, the Department of Homeland Security and a military contractor was sitting there, waiting to be read.

What Are the Security Risks of E-Waste?

Once cybercriminals get ahold of an improperly disposed-of device’s storage system, they can see the previous owner’s PII. This could include names, social security numbers, addresses and contact information. They also gain access to whatever files remain intact.

Regarding e-waste generated by consumer electronics, individuals become susceptible to identity theft, phishing scams, cyberattacks and financial fraud. If cybercriminals choose to sell their information on the dark web, they remain at risk for the rest of their lives.

While individuals are usually the focus of cybersecurity concerns related to e-waste, businesses are also at risk. If even a single employee improperly disposes of their old work laptop, the company’s data breach risk skyrockets.

E-waste hacking can expose proprietary information, give cybercriminals a way to infiltrate the brand’s network legitimately or lead to an uptick in cyberattacks. Considering the average data breach cost over $4.45 million in 2023, the consequences could be catastrophic.

How Do Electronics End up in Hackers' Hands?

The logistics of electronics going from a garbage can into a hacker’s hands is more straightforward than most people would assume. One of the simplest means is through theft, where the person retrieves the thrown-away device from the trash and takes it home.

While most cybercriminals don’t make dumpster diving a pastime, many know where to go — or who to call — to get their hands on recently thrown-out electronics. Considering roughly 800 laptops worth of e-waste are generated every second in the U.S., the simplicity of such a plan shouldn’t come as a surprise.

Another illicit means cybercriminals use to get their hands on PII is through a third party like a recycling center, buy-back platform or trade-in program. In this scenario, the intermediary sells used consumer electronics to them directly. Whether due to negligence or an effort to make a quick profit, sensitive data doesn’t get wiped before the sale.

One of the most concerning ways e-waste ends up in hackers’ hands is through cargo ships. According to a 2016 study — one of the few on the matter — the U.S. exports up to 40% of its e-waste for dismantling or recycling. Apparently, there have been multiple cases where countries have had to reject cargo loads of e-waste shipments.

While some say this claim is untrue, the U.S. has set a precedent by exporting plastic waste for decades. Despite international law making it illegal, it has increased its exports to places like Malaysia and Indonesia. Moreover, while most shipments are categorized as recycling, they end up in landfills, meaning e-waste export isn’t an unreasonable concept.

What to Do to Avoid E-Waste Hacking

While most people’s first thought is to avoid e-waste hacking by holding on to their technology, unused electronics are attractive targets to thieves. Besides, lost devices pose a host of other cybersecurity risks. The only way to guarantee security is through proper disposal channels.

1. Shred Data Storage Systems

People must get used to “shredding” their hard disk drives and solid state drives (SSDs) like they do their sensitive documents. Once they wipe their device, they should render their storage systems unusable by physically destroying them and their chips.

2. Use Darik's Boot and Nuke

Darik's Boot and Nuke (DBAN) is a free, open-source software people use to wipe physical drives. While it’s effective, it should only be used by individuals and not businesses, as it doesn’t meet any formal destruction requirements like NIST or HIPAA. Notably, it does not work on all devices and will not work for SSDs due to compatibility issues.

3. Leverage Data Encryption

People should proactively encrypt every shred of data on their devices even if they use DBAN since data residue — recoverable digital traces of data — remains on electronics and is recoverable by hackers even after the manual erasure process. As a bonus, this measure can protect them from experiencing the effects of various cyberattacks.

4. Use Reputable Third Parties

Simply destroying and throwing away electronics to prevent e-waste hacking is irresponsible because it is incredibly damaging to the environment. Instead, people should find reputable, transparent third parties to ensure their devices don’t end up being sold off or landfilled.

The World Cannot Ignore the Issue of E-Waste

Even without the security risks e-waste hacking poses, improperly disposed-of electronics are a problem. They poison the air, waterways and soil for thousands of years as they sit in landfills. Individuals and enterprises must do their part to prevent this from happening for the good of data protection and the environment.