Personal information is readily available even after a restore....

[Vegeta-san]

Makes me paranoid about selling my iPhone on eBay before the 3G iPhone is released now....

Someone named Jonathan Zdziarski has discovered, using a forensics toolkit for iPhone, that even after an iTunes restore, much of your personal information is still stored on the phone, readily available to anyone with the requisite knowledge....Paranoid now?

http://www.zdziarski.com/

 

[kdarling]

A few people have even reported getting a refurb with the data clearly in view. No erasing even tried at all. So much for quality control.

Although leaving info on refurbs is pretty amateurish, the same is often true of other phones:

Phone forensics

The bigger question to me is, will the remote wipe coming in v2.0 actually do what it's supposed to do?

 

[PowerFullMac]

Restoring iPhone does NOT properly erase it!

From TUAW:

Here's a slightly disturbing story from iPhone Atlas. Apparently user data is recoverable from iPhones that are being sold as refurbished. A detective from the Oregon State police recovered email, photos, and other user data from an "out-of-the-box refurbished iPhone." Indeed the image to the right is a partial screen capture from the refurbished iPhone.

According to the iPhone developer Jonathan Zdziarski "all of the personal information that was sitting on [his iPhone] prior to the erase or restore is still left sitting in the unallocated blocks of the iPhone's NAND memory." In other words doing a Restore operation through iTunes will not actually fully delete all the data on the iPhone. What's needed is a low-level format of the NAND, but there doesn't seem to be a readily available means for doing this.

With the 3G iPhone presumably about to drop it seems safe to assume a lot of second-hand iPhones are about to become available on eBay, etc. It would be nice if there were some fully reliable way to ensure that all personal data is expunged from the device. The original information is on Zdziarski's blog.

I sorta noticed that on my iPod touch, when I restored it it still showed a playlist I had on there before the restore, and it WASENT on iTunes so it wasent syncing from there... Just a warning to anyone who wants to sell their iPhone, try and do a NAND reformat.

 

[brn2ski00]

Sold my first iPhone (4GB) 4 months back.... Didn't have any idea that a System Restore wouldn't completely erase the contents. Figures!

 

[onlycopunk]

Sure the hard drives work the same way as a computer. Formatting doesn't really "erase" anything, it just turns all the 1's to 0's and until the 0's get written over again the old information is still recoverable.

 

[Vegeta-san]

The bigger question to me is, will the remote wipe coming in v2.0 actually do what it's supposed to do?

Let's hope it doesn't take Apple that long (until June 9) to correct this problem. They can update iTunes and quickly get it out there to fix this issue.

 

[macidiot]

Refurbished iPhones are an excellent source of previous users' data

http://www.engadget.com/2008/05/20/refurbished-iphones-are-an-excellent-source-of-previous-users-d/

Quote: "It looks like you might have to think twice before flipping that old iPhone on eBay when the 3G version finally hits -- it appears that restoring the phone doesn't actually erase the contents of the flash, meaning that your data is available to anyone with the proper tools until it's overwritten."

I posted this here mostly because I am tired of uncredited submissions on MacBytes.

 

[onlycopunk]

Duh, it works just like a computer. Data on a harddrive is still retrievable after a format until the data has been rewritten.

 

[Xjett]

Ahh I just swapped my iPhone out due to the warranty, that really stinks.

 

[macidiot]

Duh, it works just like a computer. Data on a harddrive is still retrievable after a format until the data has been rewritten.

The point is, a restore is not a reformat. And that Apple does not even reformat refurbs.

 

[wildcardd]

It takes certain tools to be able to read the data. It is not like I can get a refurb and read the other user's data by turning it on.

Not sure if this requires only software, or software and hardware, but it does need CSI like stuff.

 

[JBaker122586]

What sort of data would be on there?
If it's just my name and phone number I wouldn't really care.

 

[PowerFullMac]

What sort of data would be on there?
If it's just my name and phone number I wouldn't really care.

Whatever you put on your iPhone... From the link in the first post:

n out-of-the-box refurbished iPhone he purchased contained recoverable personal data including email, personal photos, and even financial information which he was able to recover using my forensic toolkit.

If I were to reformat my HD, would I still be able to get data off it? Do I need to zero-out the data to stop it being read? Or does reformatting do that, anyway?

 

[wildcardd]

Whatever you put on your iPhone.

That hasn't been overwritten by new data that you have added.

 

[PowerFullMac]

That hasn't been overwritten by new data that you have added.

So, basically, whatever is on there at the time of the restore, plus maybe a few things you deleted if you never replaced that stuff with new stuff.

 

[longofest]

I don't know if this really feels like news perse. Like others have said, it does a quick-format which is kind of what I expect it to do. However, it does seem as though Apple should offer a way for users to "securely" erase their iPhone by doing a low-level format. Also, this kind of format should DEFINITELY be done during a certification process for refurbished goods.

 

[wildcardd]

So, basically, whatever is on there at the time of the restore, plus maybe a few things you deleted if you never replaced that stuff with new stuff.

Kind of.

When you delete something, it really isn't deleted. The sectors are "marked" meaning that when more data is added to the drive, it can be overwritten.

Hard drives behave in a similar fashion. When I delete a file, it is still there, but that sector the file was in is available to be overwritten.

So if you use a utility to recover deleted items, you might be able to get that data back IF the OS hasn't overwritten the data already.

It takes specific software to do this on a particular OS. I am assuming that nobody has that software for the iPhone (yet?). So it may also require some hardware to take that data and reconstruct the info.

I suppose it COULD be an issue in the future, but I wouldn't worry too much about it yet.

 

[kdarling]

Sure the hard drives work the same way as a computer. Formatting doesn't really "erase" anything, it just turns all the 1's to 0's and until the 0's get written over again the old information is still recoverable.

The iPhone doesn't use a hard drive, so this is immaterial.

On a flash chip, which it does use, erasing turns all the data to 1's. The flash is organized in blocks of 256K bytes, all of which must be erased before you can write over a previously written location.

Duh, it works just like a computer. Data on a harddrive is still retrievable after a format until the data has been rewritten.

Actually, it's retrievable even after being overwritten several times, with the right equipment. That's why there are special "NSA quality" erase programs available. But again, the iPhone doesn't use a hard drive.

Probably the Restore function only touches the flash blocks that it needs to, and the other many gigabytes are left alone.

 

[wildcardd]

Actually, it's retrievable even after being overwritten several times, with the right equipment. That's why there are special "NSA quality" erase programs available. But again, the iPhone doesn't use a hard drive.

Kdarling, how is that possible if it has been rewritten? The 0 is now a 1. How does it know it was once a 0?

Perhaps there are programs that take the fragments that haven't been written over and splices the data together...but remember what happened in Jurassic Park when they did that with DNA... bad juju.

 

[PowerFullMac]

I found a guide on how to get rid of all the data! Clicky!

 

[WankerWeasel]

The iPhone doesn't use a hard drive, so this is immaterial.

On a flash chip, which it does use, erasing turns all the data to 1's. The flash is organized in blocks of 256K bytes, all of which must be erased before you can write over a previously written location.

First thing to note is that it's 512 byte blocks, not 256 byte blocks (or 256KB as you wrote). 512 bytes is the ATA standard, the "bulk storage device" most modern devices follow is the ATA standard.

Erasing data on the iPhone (and other flash devices) does not cause the OS to turn the data bits to 1s. That's why data recovery applications like FileSalvage and Data Rescue II can recover deleted files from these devices. The iPhone OS make an effort to write to the storage media as little as possible. This may be because flash media can only be written to a certain number of times.

Actually, it's retrievable even after being overwritten several times, with the right equipment. That's why there are special "NSA quality" erase programs available. But again, the iPhone doesn't use a hard drive.

In theory the high points around the valley where data is written on a standard hard drive could retain some of the magnetic properties of the previous data even after the valley has been re-written with new data but it's pretty unlikely. Equipment like an electron microscope could possibly recover some of the data but there'd be no way to tell if it was the original or overwritten data and if it's fragmented then you're pretty much out of luck. To say that the data is recoverable after being overwritten several times is incorrect. For all practical purposes, when the data is overwritten once it's gone for good.

Probably the Restore function only touches the flash blocks that it needs to, and the other many gigabytes are left alone.

The iPhone's memory is basically broken into 2 separate partitions. One for the system data and one for the user's data. The Restore function only restores the information on the system partition.

I found a guide on how to get rid of all the data! Clicky!

That article clearly states that they admit that they haven't tested it.

 

[kdarling]

First thing to note is that it's 512 byte blocks, not 256 byte blocks (or 256KB as you wrote).

You're confusing smart external flash drives and dumb internal flash memory.

External flash drives have hardware to make them look like regular hard drives, and to do all the grunt work of handling bad sectors, wear leveling, etc.

The flash used by the iPhone requires a totally different kind of file manager than the simple disk drive one you're talking about. It has to do the wear leveling, erase/write/ recopy to new blocks, etc on its own. It is nothing repeat nothing like using an external flash drive.

The flash used by the iPhone is organized in 256K blocks. These blocks "only" have a 5,000 erase/write cycle lifetime. Again, nothing even close to a flash drive, which is 100,000 cycles or more.

The flash used by the iPhone can come from the factory with up to 100MB missing per 4GB rating. In other words, a 32GB device can have 800MB of bad blocks and still be considered "good" from the factory. (I suspect "Other" will contain these bad blocks.)

 

[mkrishnan]

Apple really needs to make sure there's a wiping function, even aside from the remote wipe, that actually scrubs the disk in 2.0...

In the meantime, though, just to throw this out there... It would not be *that* hard to use Audacity or the like to create some white noise music files, clone them till you have ~7.3GB worth, import them into iTunes, and copy them to the iPhone. The net result would be overwriting the drive on the iPhone with random data. If one made several different white noise files, and cloned multiple sets of iPhone-sized data, one could even essentially do multipass overwrites...

Obviously, this only covers areas of the phone where music can be loaded -- would that cover the same area where e-mails go (and contacts, I guess, although for me e-mails are a concern more than contacts)?

I'm not sure if that's the same thing as the Securosis method? That link isn't loading for me....

 

[sassenach74]

Found this on engadget:

http://www.engadget.com/2008/05/21/how-to-format-an-iphone-to-clear-your-data-completely/

 

[kdarling]

Kdarling, how is that possible if it has been rewritten? The 0 is now a 1. How does it know it was once a 0?

It's because a magnetic hard drive doesn't write exactly 1's and 0's, or put the data at the exact same location each time. Each time you rewrite, the new data is affected by the previous state, and it also leaves side tracks.

NSA has been at this kind of thing for decades. I haven't been with them for a long time, but over ten years ago it was publicly known how to recover at least two back layers of data, using various forms of scanning force microscopes. These days, it's commonly not considered erased unless you do at least ten rewrites.