iPhone Atlas and a number of other sites are reporting this week that refurbished iPhones may contain personal data from previous owners – including email, images, contacts and more – that is ‘readily accessible’ to new owners of these phones.

This is because apparently performing a Restore on the iPhone does not delete all personal data from the device – and nor does Apple’s own ‘refurbishing process’.  The iPhone Atlas report is based on information from Jonathan Zdziarski, author of the ‘iPhone Open Application Development’ guide and also an iPhone forensics manual for law enforcement personnel. 

Zdziarski says that Oregon State Police have confirmed to him that an out-of-the-box refurbed iPhone contained ‘recoverable data’ including email, personal photos, and even financial information – and that they were able to access this information using Zdziarski’s forensic toolkit.

So what should you do if you’re thinking of getting rid of your iPhone and want to make sure none of your private and confidential info goes with it?

That is probably the worst part of all of this right now, at least according to iPhone Atlas and Zdziarski:

There currently exits no viable, publicly available method for erasing personal data on the iPhone. Erasing your content and settings has no effect on whether a subsequent owner can recover personal information. According to Zdziarski “there are only a couple low-level methods to format the NAND and I’m not sharing at the moment.

If this is all accurate, that is a *huge* miss on Apple’s part.  That’s worse than your lack of copy&paste, MMS, and all the rest combined.  The ability to securely wipe a smartphone device is a basic.  This would also probably be a dealbreaker for a lot of corporates, no matter how much Exchange goodness is thrown into iPhone 2.0. 

Maybe this is something that is addressed and corrected in the 2.0 firmware?  I know that a remote device wipe capability (as Windows Mobile devices offer now – so that a lost or stolen phone can be wiped by an admin from a server) was touted as one of the 2.0 features at the SDK Launch event.  I can’t see how Apple would want to promote (or even mention) that feature if it is not a full and secure wipe of the device.

Hopefully – with all the reports this week on this subject – Apple will enlighten us a little over the next few weeks.  That would be ever so helpful – especially during this little period we’re in where so many of us are considering selling the Gen 1 phone in order to raise funds for the next one …

Via: iPhone Atlas

Share this: