I bought a used 3GS for a cute woman years ago…
Time to boot it up and see how kinky she was!!
Time to boot it up and see how kinky she was!!
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 17.5 Bug May Also Resurface Deleted Photos on Wiped, Sold Devices [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Lately? This is photos from 2017. Do you have any idea how much data that is. This isn't just a bug. It's a bug we found out about it, but it exposes an underlying absolute corruption in not deleting photos we thought were deleted. This is a massive scandal. We all know not to trust google but apple keeps saying "trust us" and we keep finding they're doing things as bad or worse. At least with a pixel phone you can install grapheneOS and have some hope of auditing your own software and controlling what is and isn't on your phone. With apple you're stuck. We gave up that control bc as apple fooled us in 2016 "they will go to court not to unlock an iPhone" welp. so much for that. In the years since we found out that apple was being compelled to hand over/hack information and not be allowed to speak about it. But that also apple has been recording our Siri prompts and having a 3rd party listen to us talk to Siri. and on and on and on. Then apple wanted to scan all of our photos but "backed down" only for NOW we find out:
Apple keeps even deleted photos for YEARS. And now has a bug that restores them to "device" not even based on iCloud? WAHHHT? That's scandal upon scandal. Apple is entering google territory here. not quite Facebook but well on it's way and JUST WHEN apple was about to roll out how their AI is more "private". So much for that. I love apple products and I'm still thinking about that new iPad Pro but my God Apple you were supposed to be the good guy!! "the chosen one"
this is weird but hopefully it's the kind of story that gets notoriety so we can get an actual answer. this is bad.
Pics or it didn't happen. Oh, wait..
I do not feel it’s possible that a device wiped via erase all content and settings and set up by a new user could have the prior user’s photo’s appear.
From Apples Platform Security https://support.apple.com/guide/security/data-protection-sece8608431d/1/web/1
Just like per-file or per-extent keys, the metadata key of the data volume is never directly exposed to the Application Processor; the Secure Enclave provides an ephemeral, per-boot version instead. When stored, the encrypted file system key is additionally wrapped by an “effaceable key” stored in Effaceable Storageor using a media key-wrapping key, protected by Secure Enclave anti-replay mechanism. This key doesn’t provide additional confidentiality of data. Instead, it’s designed to be quickly erased on demand (by the user with the “Erase All Content and Settings” option, or by a user or administrator issuing a remote wipe command from a mobile device management (MDM) solution, Microsoft Exchange ActiveSync, or iCloud). Erasing the key in this manner renders all files cryptographically inaccessible.
The way encryption works on iOS makes this impossible.
My thinking on the issue where folks have had their own deleted photos reappear on their own devices is that this is an iCloud issue or an issue with devices that have not been erased securely
From Apples Platform Security https://support.apple.com/guide/security/data-protection-sece8608431d/1/web/1
Just like per-file or per-extent keys, the metadata key of the data volume is never directly exposed to the Application Processor; the Secure Enclave provides an ephemeral, per-boot version instead. When stored, the encrypted file system key is additionally wrapped by an “effaceable key” stored in Effaceable Storageor using a media key-wrapping key, protected by Secure Enclave anti-replay mechanism. This key doesn’t provide additional confidentiality of data. Instead, it’s designed to be quickly erased on demand (by the user with the “Erase All Content and Settings” option, or by a user or administrator issuing a remote wipe command from a mobile device management (MDM) solution, Microsoft Exchange ActiveSync, or iCloud). Erasing the key in this manner renders all files cryptographically inaccessible.
The way encryption works on iOS makes this impossible.
My thinking on the issue where folks have had their own deleted photos reappear on their own devices is that this is an iCloud issue or an issue with devices that have not been erased securely
that's what I was thinking and the discussion around the other users iPad is only thing that threw me off.
This is an interesting theory. Sounds like it wouldn’t be a bad idea to restore iOS via MacOS after erasing the device, to ensure the OS partition is completely stock. I would also do this when buying a used device.
I don’t feel this is possible either (a photo residing on the system volume)
In macOS 10.15, Apple introduced the read-only system volume, a dedicated, isolated volume for system content. macOS 11 or later adds strong cryptographic protections to system content with a signed system volume (SSV). SSV features a kernel mechanism that verifies the integrity of the system content at runtime and rejects any data—code and noncode—without a valid cryptographic signature from Apple. Starting in iOS 15 and iPadOS 15, the system volume on an iPhone or iPad also gains the cryptographic protection of a signed system volume
There are multiple checks to ensure that only code signed by Apple resides on the Read Only system volume
Signed system volume security
SSV not only helps prevent tampering with any Apple software that’s part of the operating system, it also makes macOS software update more reliable and much safer.
support.apple.com
Class action suit in Apple's future? WTF is wrong with them?
Those are rhetorical questions, so no need to reply.
I love Apple but really this sheer incompetence and the exposed underlying breech of faith (they were supposedly deleted after 30 days from when we deleted them) is a shocker to put it mildly.
And to think I trusted them
. Not any more. Very sad.
Those are rhetorical questions, so no need to reply.
I love Apple but really this sheer incompetence and the exposed underlying breech of faith (they were supposedly deleted after 30 days from when we deleted them) is a shocker to put it mildly.
And to think I trusted them
. Not any more. Very sad.Maybe Apple fingerprints the device and attaches it to a particular user. When the device is sold, this changes. But due to a combination of bugs, the old photos are resurfacing and the previous fingerprinting associating a user with a particular device is become active and hence even wiped and sold devices are surfacing the original user's photos?
Just a thought.
Just a thought.
Yeah, it’s called complacency. Let’s face it, we slack off a bit when things get comfortable, and at Apple, things have been comfortable for way too long.
I remember when Steve used to cycle through executives like a washing machine. It kept everyone on their toes, even if it meant they got burnt out, but the next hungry lion would step in and help push the company to the next level.
Wow... forget recycling, running old devices through a shredder may be the safest bet.
I always merely did an erase all files and settings before trading in or selling my devices but in the future I’ll add an extra step to put the devices into recovery mode and reinstall the OS as an additional precaution. Sure it is a little more time consuming but might as well until we know the true source of this bug.
Pause, wait a freaking infinitely long second here… … … …
when we are going to repurpose, sell or give a device we go through that clear, erase, reset all data (or whatever it’s called) which disables all services (iMessages, FindMy, etc) and deletes all files and caches. Supposedly.
How the hell do these photos come back then… that means that none of the above regarding data wiping is actually happening, or not as promised.
Crazy the amount of bugs that Apple triggers every single iOS or macOS updates.
when we are going to repurpose, sell or give a device we go through that clear, erase, reset all data (or whatever it’s called) which disables all services (iMessages, FindMy, etc) and deletes all files and caches. Supposedly.
How the hell do these photos come back then… that means that none of the above regarding data wiping is actually happening, or not as promised.
Crazy the amount of bugs that Apple triggers every single iOS or macOS updates.
It does not delete files and caches, it just deletes the encryption key for the data volume. If somehow the key is not deleted from the local keychain the data would remain readable.
You can not (or really, should not) delete files from a solid state device. It takes time and just wastes limited write cycles since you have to rewrite every bit. Rewriting over the decryption key is instant and costs nothing.
I have to say that "erase all content" via Settings or even a "recovery mode wipe" using a secondary device will NOT wipe your iPhone clean as the day you brought it. The system partition cannot be completely wiped. If you have ever jailbreaked iOS and and accessed both the data and system partition, you would have noticed that older jailbreak files remain on the data partition, even after doing various full wipes and DFU reinstalling/upgrading iOS using iTunes.
iOS does a lot of on-device indexing, telemetry logs and diagnostics on the data partition and my guess would be that there are background processes saving lots of user data, geolocation data, phone info, internet logs and deleted photos that are not erased during a content wipe. To what purpose, one can only guess...
My experience is with the older iOS 13 and iOS 14.8 system and data partitions. The whole Apple does not allow logging of personal data is BS. By checking the file content of quite a few apps, I have noticed that they log lots of user data such as your name, access data, various iOS info, UDID, geolocation data, and IP address.
I am not f#%cking around. Whether you believe me or not is inconsequential.
Unfortunately, being naive is not a choice, it is a trait.
Edit: I meant to say data partition is not fully wiped.
iOS does a lot of on-device indexing, telemetry logs and diagnostics on the data partition and my guess would be that there are background processes saving lots of user data, geolocation data, phone info, internet logs and deleted photos that are not erased during a content wipe. To what purpose, one can only guess...
My experience is with the older iOS 13 and iOS 14.8 system and data partitions. The whole Apple does not allow logging of personal data is BS. By checking the file content of quite a few apps, I have noticed that they log lots of user data such as your name, access data, various iOS info, UDID, geolocation data, and IP address.
I am not f#%cking around. Whether you believe me or not is inconsequential.
Unfortunately, being naive is not a choice, it is a trait.
Edit: I meant to say data partition is not fully wiped.
Last edited:
The system volume is sealed. No indexed data is stored there. When you do “Erase all content” it deletes the key for the Data volume, effectively returning to a default state. It’s as clean as it will ever be. The sealed system volume never needs to be replaced unless it’s corrupted. My system volume is bit-for-bit the same as yours (assuming same build). When you jailbreak you are doing more than you realize. You are completely altering the underlying security architecture.
Howard Oakley’s blog is a great resource for deeper understanding: eclecticlight.co. I didn’t know how little I knew until I started reading his blog.
Bruh the FBI damn near raided Apple’s headquarters back in 2016 to personally confront Tim Cook and Craig Federighi and pistol whip them into agreeing to build a back door in the iPhone‘s encryption system. They’re really not the crack team of big brain super hackers that they’re glorified as being on television, and that little tense standoff they had with Apple back then effectively confirmed it.
Sure there can be digital breadcrumbs left behind on pieces of digital evidence following a crime that might sometimes lead to partial reconstruction of incriminating data, or maybe enough to generate a new lead, but that’s typically as exciting as it gets.
Let’s assume for discussion purposes that (a) the previous owner performed the Apple-recommended “Before you sell or give away your iPhone” steps, including “Erase All Content and Settings” AND (b) this person is being truthful.
Assuming those to be true, it is difficult to see how this could happen.
Remember in iOS/iPadOS there is a different concept of users as compared to macOS, Windows, your favorite Linux distro, etc. On iOS you run as an account called mobile. On macOS you’d find the Photos library in /Users/yourusername/Pictures. On iOS photo data is on the data volume in /private/var/mobile/Media.
When you perform the “Erase All Content and Settings” operation, the key used to encrypt the data volume is deleted from the Secure Enclave. This renders all the data encrypted on the data volume inaccessible. Page 94 of the Apple Platform Security Guide has more detail.
For this scenario to actually happen, the encryption key would have to NOT be removed AND the new owner would have to essentially not write ANY of their own data to the iPhone. It seems impossible that the previous owner’s data would not be randomly overwritten by the new owner just using the device normally (installing apps, taking their own photos, etc.). Remember, there is no /Users/oldusername/Pictures hanging around, encrypted or otherwise. The old owner and new owner will both write their photo data to the same location in the file system. NAND flash will have data written all over it by the flash controller. I don’t see how the old owner’s data isn’t just randomly overwritten, encrypted or not.
Is it possible that in the event the encryption key is retained that the old owner’s photo data would be retrievable by the same iOS 17.5 bug? Sure. Photos would have to combine the old owner’s data encrypted with their key and merge it with the new owner’s data encrypted with their key and display it in the same library. I can’t see Apple writing code in the Photos app to do that.
If it is true, it’s catastrophic as the integrity of the system is completely compromised. It would mean that data beyond photos would be recoverable and that the implementation of the encryption scheme is worthless. Every “erased” device would be mineable for data. It just doesn’t seem very likely and it seems like something forensic experts, security researchers, jailbreakers, etc. would have previously found.
Assuming those to be true, it is difficult to see how this could happen.
Remember in iOS/iPadOS there is a different concept of users as compared to macOS, Windows, your favorite Linux distro, etc. On iOS you run as an account called mobile. On macOS you’d find the Photos library in /Users/yourusername/Pictures. On iOS photo data is on the data volume in /private/var/mobile/Media.
When you perform the “Erase All Content and Settings” operation, the key used to encrypt the data volume is deleted from the Secure Enclave. This renders all the data encrypted on the data volume inaccessible. Page 94 of the Apple Platform Security Guide has more detail.
For this scenario to actually happen, the encryption key would have to NOT be removed AND the new owner would have to essentially not write ANY of their own data to the iPhone. It seems impossible that the previous owner’s data would not be randomly overwritten by the new owner just using the device normally (installing apps, taking their own photos, etc.). Remember, there is no /Users/oldusername/Pictures hanging around, encrypted or otherwise. The old owner and new owner will both write their photo data to the same location in the file system. NAND flash will have data written all over it by the flash controller. I don’t see how the old owner’s data isn’t just randomly overwritten, encrypted or not.
Is it possible that in the event the encryption key is retained that the old owner’s photo data would be retrievable by the same iOS 17.5 bug? Sure. Photos would have to combine the old owner’s data encrypted with their key and merge it with the new owner’s data encrypted with their key and display it in the same library. I can’t see Apple writing code in the Photos app to do that.
If it is true, it’s catastrophic as the integrity of the system is completely compromised. It would mean that data beyond photos would be recoverable and that the implementation of the encryption scheme is worthless. Every “erased” device would be mineable for data. It just doesn’t seem very likely and it seems like something forensic experts, security researchers, jailbreakers, etc. would have previously found.
It’s supposed to be. It’s possible the original OP from the story altered the phone in some way which prevented key deletion and left that detail out.
Possibly. In that case I’m sure there are many people at three letter agencies who would like to speak with him in greater detail.
Yeah, I don't really believe it. The person likely just remembers incorrectly.
HOWEVER, while I was writing this I just remembered… older iPads and older versions of iOS are not fully encrypted, especially when it comes to iCloud. E2EE in particular is only available on relatively new iPads. In older versions of iOS… you know, I don't actually remember how it works.
I’m going to need more than a single report from a Reddit user.
Slow news day or did someone lose a bet while the editor was sleeping on the job?
1. Probably deleted it wrong
2. Only a handful out of a gazillion iPhone users are affected.
3. Government Backdoor implementation confirmed.
2. Only a handful out of a gazillion iPhone users are affected.
3. Government Backdoor implementation confirmed.