Refurb iPhones still contain previous users' data

Here's a slightly disturbing story from iPhone Atlas. Apparently user data is recoverable from iPhones that are being sold as refurbished. A detective from the Oregon State police recovered email, photos, and other user data from an "out-of-the-box refurbished iPhone." Indeed the image to the right is a partial screen capture from the refurbished iPhone.

According to the iPhone developer Jonathan Zdziarski, "all of the personal information that was sitting on [his iPhone] prior to the erase or restore is still left sitting in the unallocated blocks of the iPhone's NAND memory." In other words, doing a Restore operation through iTunes will not actually fully delete all the data on the iPhone. What's needed is a low-level format of the NAND, but there doesn't seem to be a readily available means for doing this.

With the 3G iPhone presumably about to drop, it seems safe to assume a lot of second-hand iPhones are about to become available on eBay, etc. It would be nice if there were some fully reliable way to ensure that all personal data is expunged from the device. The original information is on Zdziarski's blog.

Update: Just to be clear, the data was recovered using forensics software. Average users who buy refurbished iPhones will not have easy access to the previous user's data, though it will still be there waiting to be recovered by anyone with the proper expertise.
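
As an added illustration (not code from iPhone Atlas, Zdziarski, or Apple), this Python toy model shows why a restore that only resets allocation markers leaves the old data in unallocated blocks, and how to check for remnants before and after zero-filling free space. The `ToyVolume` class, the block size, and the sample e-mail string are hypothetical and constructed for this example.

```python
BLOCK = 16  # assumed block size for the toy model

class ToyVolume:
    """Constructed model: raw storage plus an allocation table (not a real filesystem)."""
    def __init__(self, blocks=8):
        self.blocks = blocks
        self.raw = bytearray(BLOCK * blocks)  # what a raw forensic image would read
        self.table = {}                       # filename -> list of block indexes

    def free_blocks(self):
        used = {b for blks in self.table.values() for b in blks}
        return [b for b in range(self.blocks) if b not in used]

    def write_file(self, name, data):
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        free = self.free_blocks()
        if len(chunks) > len(free):
            raise OSError("volume full")
        used = free[:len(chunks)]
        for b, chunk in zip(used, chunks):
            self.raw[b * BLOCK:(b + 1) * BLOCK] = chunk.ljust(BLOCK, b"\0")
        self.table[name] = used

    def restore(self):
        """An erase that only drops the markers: the table is reset, raw is untouched."""
        self.table.clear()

    def residual_blocks(self):
        """Unallocated blocks that still hold non-zero bytes, i.e. recoverable remnants."""
        return [b for b in self.free_blocks()
                if any(self.raw[b * BLOCK:(b + 1) * BLOCK])]

    def zero_free_space(self):
        """Overwrite every unallocated block, as a zero-fill of free space would."""
        for b in self.free_blocks():
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

def demo():
    vol = ToyVolume()
    vol.write_file("mail.db", b"From: previous.owner@example.test")  # constructed sample
    vol.restore()
    visible = list(vol.table)              # what the next owner sees: nothing
    leaked = b"previous.owner" in vol.raw  # what the raw image still contains
    before = vol.residual_blocks()
    vol.zero_free_space()
    return visible, leaked, before, vol.residual_blocks(), b"previous.owner" in vol.raw

if __name__ == "__main__":
    print(demo())
```

On real flash, wear levelling can leave stale copies in blocks the filesystem cannot address, which this model does not capture.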

23 Comments

Nick

This isn't any different than when someone buys a used computer or hard drive. Recovering personal data off a hard drive is just as easy with the proper software. Unless you specifically reformat a hard drive or NAND flash drive and zero-out the entire disk, the data isn't actually deleted. It's just marked as not needed and free for the filesystem to write over.

As soon as a new user fills it up with their own personal info, music, and pictures - all that recoverable data you couldn't wipe is overwritten. So the easiest thing to do would be to delete everything, and fill it up with random crap to overwrite everything, and wipe it again (at least until a utility is released to do a full-on format).

June 03 2008 at 4:27 PM
ppcmd

This is a very scary proposition and the fact that Apple has locked the iP1 down so tight you cannot securely wipe your data and prevent hackers and other criminal types (as noted above) from getting your data.

Having owned many PDAs and SmartPhones I am glad that the one I use does offer a secure wipe option and it can be done remotely or manually. I am not sure I want to trust the remote wipe feature developed by MS and tweaked by Apple to secure wipe my device. There are alternatives available and one does offer that level of security.

May 20 2008 at 10:50 PM
JG

Couldn't you just wipe the iPhone with iTunes and simply fill the iPhone with data (pics, tunes, etc.), then wipe again?

May 20 2008 at 7:57 PM
NavStar

Sounds like a great opportunity for a shareware developer... the iPhone iNuke.

May 20 2008 at 7:24 PM
Chris

They really need to add a write to zero option for the Factory Restore option.

And hopefully the remote wipe coming in v2.0 will allow write to zero instead of just removing the markers.

May 20 2008 at 10:36 AM
Hawkman

Well... Dur? The same is true of pretty much every mobile phone in existence - deleting something doesn't actually zero it from the storage. It's true of your computer. Hardly such a big problem as someone pinching your stuff and having immediate access to your data anyway.

The moral of the story is, don't ever store any data anywhere in case someone gets their hands on it. Or alternatively learn to live with it...

May 20 2008 at 10:35 AM
AG

Reminds me of a used Xbox I purchased that still had the original user's data on it for the Live service. I would have thought Apple would have been smarter with such a high profile device like the iPhone. Makes me wonder how secure the enterprises will be if they need to remotely wipe a stolen company iPhone. Apple needs to respond to this latest allegation before my money leaves my pocket.

May 20 2008 at 10:22 AM
1 reply to AG's comment
Econhound

and before the 3G iPhones leave the warehouses, I see this delaying the next generation back a few weeks.

May 20 2008 at 10:49 AM
Galley

My AT&T refurbished iPhone arrived in minty fresh condition. There was no previous data of any kind on it.

May 20 2008 at 10:19 AM
Pauldy

If you're paranoid about someone getting your data I'm pretty sure you can run a dd if=/dev/zero of=/Volumes/iphonedir/test.zero

Once that crashes because it ran out of space, rm -rf /Volumes/iphonedir/test.zero and you will have effectively reset all the bits to zero on the iPhone. If this doesn't work, writing an app that links against iTunes to transfer a huge file of zeros over shouldn't be that hard.

May 20 2008 at 10:17 AM
Paul

Wait, wait, wait!

The data was retrieved with FORENSICS software, not just browsing about. Who has iPhone Forensics software? Cops, detectives, and unscrupulous hackers.

This is not for the common person, and the average Joe isn't going to be able to get to the info.

You can stop panicking now. Remember, the devil's in the details. Read the full links and blogs to discover the truth.

Nothing to see here, move along.

May 20 2008 at 10:12 AM
3 replies to Paul's comment