Refurbished iPhones may contain other users’ personal data

iPhones sold as refurbished units may contain personal data from their previous owners that, with a little leg-work, is readily accessible by new owners. These data include email, images, contacts and more.

As previously noted, performing a “Restore” operation on the iPhone does not delete personal data from the device. Such information remain intact on the device after a restore, making the process unsuitable as a preparatory measure for iPhone resale or service. Apparently, Apple’s refurbishing procedure also does not delete the personal data.

As noted by Jonathan Zdziarski, author of the “iPhone Open Application Development” and an iPhone Forensics Manual for Law Enforcement:

“A verified detective from the Oregon State Police notified me this afternoon that an out-of-the-box refurbished iPhone he purchased contained recoverable personal data including email, personal photos, and even financial information which he was able to recover using my forensic toolkit. The photos he sent me included the individual’s name, which I’ve blurred out myself, but if you’ve ever had to return a defective iPhone, you might recognize this inbox. The more sensitive information hasn’t been posted here for obvious reasons.”

At left is actual stored data from a refurbished iPhone: a screenshot that the iPhone took itself of the user’s inbox when its user pressed the ‘Home’ button. Application snapshots are taken every time a program goes into the background to generate the zoom effects built into the device.

There currently exits no viable, publicly available method for erasing personal data on the iPhone. Erasing your content and settings has no effect on whether a subsequent owner can recover personal information. According to Zdziarski “there are only a couple low-level methods to format the NAND and I’m not sharing at the moment.”

Feedback? info@iphoneatlas.com.