Refurb iPhones still contain previous users' data
Here's a slightly disturbing story from iPhone Atlas. Apparently user data is recoverable from iPhones that are being sold as refurbished. A detective from the Oregon State police recovered email, photos, and other user data from an "out-of-the-box refurbished iPhone." Indeed the image to the right is a partial screen capture from the refurbished iPhone.According to the iPhone developer Jonathan Zdziarski "all of the personal information that was sitting on [his iPhone] prior to the erase or restore is still left sitting in the unallocated blocks of the iPhone's NAND memory." In other words doing a Restore operation through iTunes will not actually fully delete all the data on the iPhone. What's needed is a low-level format of the NAND, but there doesn't seem to be a readily available means for doing this.
With the 3G iPhone presumably about to drop it seems safe to assume a lot of second-hand iPhones are about to become available on eBay, etc. It would be nice if there were some fully reliable way to ensure that all personal data is expunged from the device. The original information is on Zdziarski's blog.
Update: Just to be clear, the data was recovered using forensics software. Average users who buy refurbished iPhones will not have easy access to the previous userss data, though it will still be there waiting to be recovered by anyone with the proper expertise.
Share
Here's a slightly disturbing story from iPhone Atlas. Apparently user data is recoverable from iPhones that are being sold as refurbished....
Add a Comment
This isn't any different than when someone buys a used computer or hard drive. Recovering personal data off a hard drive is just as easy with the proper software. Unless you specifically reformat a hard drive or NAND flash drive and zero-out the entire disk, the data isn't actually deleted. It's just marked as not needed and free for the filesystem to write over.
As soon as a new user fills it up with their own personal info, music, and pictures - all that recoverable data you couldn't wipe is overwritten. So the easiest thing to do would be to delete everything, and fill it up with random crap to overwrite everything, and wipe it again (at least until a utility is released to do a full-on format).
This is a very scary proposition and the fact that Apple has locked the iP1 down so tight you cannot securely wipe your data and prevent hackers and other criminal types (as noted above) from getting your data.
Having owned many pda's and SmartPhones I am glad that the one I use does offer a secure wipe option and it can be done remotely or manually. I am not sure I want to trust the remote wipe feature developed by MS and tweaked by Apple to secure wipe my device. There are alternatives available and one does offer that level of security.
Couldn't you just wipe the iPhone with iTunes and simply fill the iPhone with data (pics, tunes, etc.), then wipe again?
May 20 2008 at 7:57 PM Report abuse Permalink rate up rate down ReplySounds like a great opportunity for a shareware developer... the iPhone iNuke.
May 20 2008 at 7:24 PM Report abuse Permalink rate up rate down ReplyThey really need to add a writer to zero option for the Factory Restore option.
And hopefully the remote wipe coming in v2.0 will allow write to zero instead of just removing the markers.
Well... Dur? The same is true of pretty much every mobile phone in existence - deleting something doesn't actually zero it from the storage. It's true of your computer. Hardly such a big problem as someone pinching your stuff and having immediate access to your data anyway.
The moral of the story is, don't ever store any data anywhere in case someone gets their hands on it. Or alternatively learn to live with it...
Reminds me of a used Xbox I purchased that still had the original user's data on it for the Live service. I would have thought Apple would have been smarter with such a high profile device like the iPhone. Makes me wonder how secure the enterprises will be if they need to remotely wipe a stolen company iPhone. Apple needs to respond to this latest allegation before my money leaves my pocket.
May 20 2008 at 10:22 AM Report abuse Permalink rate up rate down Replyand before the 3G iPhones leave the warehouses, I see this delaying the next generation back a few weeks.
May 20 2008 at 10:49 AM Report abuse Permalink rate up rate down ReplyMy AT&T refurbished iPhone arrived in minty fresh condition. There was no previous data of any kind on it.
May 20 2008 at 10:19 AM Report abuse Permalink rate up rate down ReplyIf your paranoid about someone getting yoru data I'm pretty sure you can run a dd if=/dev/zero of=/Volumes/iphonedir/test.zero
Once that crashes because it ran out of space rm -rf /Volumes/iphonedir/test.zero and ou will have efectivly reset all the bits to zero on the iphone, if this doesn't work writting an app that links against itunes to transfer a huge file of zeros over shouldn't be that hard.
Wait, wait, wait!
The data was retrieved with FORENSICS software, not just browsing about. Who has iPhone Forensics software? Cops, detectives, and unscrupulous hackers.
This is not for the common person, and the average Joe isn't going to be able to get to the info.
You can stop panicking now. Remember, the devil's in the details. Read the full links and blogs to discover the truth.
Nothing to see here, move along.
Deals of the Day
more deals- Acoustic Research Digital Photo Frame with iPod Dock for $50 + free shipping
- Apple iPhone 4 8GB for Verizon, AT&T, or Sprint for $50 + pickup at Best Buy
- Unlocked iPhone 4S 16GB for GSM (AT&T, T-Mobile) for $619 + free shipping
- Apple iMac Core i7 Quad 3.4GHz 27" w/ 24GB RAM, 2TB HDD for $2,677 + $29 s&h
- Used Apple Magic Mouse for $36 + $4 s&h
- Skullcandy Riot Earbud Headphones for $10 + free shipping
Software Updates
more updatesFeatured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
23 Comments