iPhone: Refurbished Device Reveals Customer Data

You always wonder what will happen with your device if you have to return it.

Even more so if the device is an iPhone with a lot of your personal data on it (contacts, documents, web browser data still left in its cache, etc.).

Just found an older post about what the owner of a refurbished iPhone discovered and the data he was able to reconstruct, on zdziarski.com titled

May 16, 2008: Refurbished iPhone Reveals Customer Data“:

[Photo from Wikipedia. This work is licensed under the
Creative Commons Attribution-ShareAlike 2.0 License.]

A few days ago, I posted a discovery in that personal data remains intact (in deleted portions of the file system) following a full iPhone restore. As it turns out, Apple themselves may not have been aware of this. Thank goodness, otherwise identity theft might actually be, like, hard. A detective from the Oregon State Police, whom I’ve verified, notified me this afterrnoon that an out-of-the-box refurbished iPhone he purchased directly from Apple contained recoverable personal data. This included email, personal photos, and even financial information that he was able to recover using my forensic toolkit. Needless to say, the original owner was quite surprised. He informed me that the device had been returned to Apple under a warranty exchange only a few months ago, suggesting that Apple has been using an insecure refurbishing process for the past year.

This shows that you have to treat your iPhone like a desktop computer in case you sell or return it, as the mobile phone more and more gets part of your (digital) lifestyle and holds a lot of valuable data!

Leave a Reply

Your email address will not be published.