iOS 17.5 Bug May Also Resurface Deleted Photos on Wiped, Sold Devices [Updated]

[t0rqx]

Respectfully, Tim and Craig are overdue for retirement.

Why? This feature was intentional. Just like the VPN not encrypting data.

 

[rehkram]

Aye yai yai. With everything else going on in the world now we have this cr@p to contend with. 😢

 

[Victor Mortimer]

So, while we're not 100% sure if this is a local storage problem (shouldn't be possible) or an iCloud problem yet.

But I'd strongly suspect iCloud, and I'll say the thing I always say: STOP PUTTING YOUR STUFF ON SOMEBODY ELSE'S COMPUTER AND EXPECTING IT TO BE SECURE.

There is no such thing as "the cloud". It's ALL just somebody else's computer, and IT'S A BAD IDEA.

At the VERY least, any data you put on somebody else's computer should be end-to-end encrypted. If you used iCloud Photos and didn't turn on "advanced data protection" then ANY data leak is YOUR FAULT.

As for me? I do not use it AT ALL. My photos go from my phone to my computer, and are backed up to my backup drives. I won't even use "cloud" calendars or contact lists, and I definitely don't keep my email stored on somebody else's computer, it's all on my own email server.

Yes, I know Apple makes it easy. It doesn't make it any less stupid.

 

[twilson]

So much for encrypted data

None of this suggests that it isn’t encrypted. Apple will have the ability to decrypt the data (otherwise how do you think iCloud.com works)

 

[DesiMunda]

Now you know not to make your your X video on your phone (upload then delete) that won’t insure anything. Your fetish will be public in no time and we would all know what you “really like” 🤣

 

[Tevos]

People with iPhone8/X or below laughing their collective backsides off. LOL Imagine number of all the dick pics Apple sees every day.

iOS 17.5 is new, totally awesome, ad campaign from Apple why people should NOT use iCloud (or another cloud service for that matter) for any compromising stuff. A real masterpiece. 🤣 <s on> Give that dev team a hefty bonus! </s off>

Fortunately I ignore iCloud 99.9% so 0 compromising data was ever stored there - just my stash for W40K/ME books.

 

[Jim Lahey]

Deleted.

 

[Jim Lahey]

None of this suggests that it isn’t encrypted. Apple will have the ability to decrypt the data (otherwise how do you think iCloud.com works)

Not on a nuked device. Erasure is supposed annihilate the keys. So while the ones and zeroes are technically still there, they cannot ever be decrypted into anything meaningful. Effectively the data is mumbo jumbo. That is the story anyway...

 

[D1G1TALR0B0T]

Just thinking about things from the Mac side.

On an Apple Silicon Mac if you use Ease Assistant and if FileVault was not enabled is it still a fully secure erase?

 

[ManuCH]

The only way I can *very theoretically* see this happen is the following:

• the iCloud servers create "download queues" where they assign sync activities to individual devices based on their serial number (instead of the iCloud ID)
• those queues somehow got stuck, had some database corruption, you name it, and couldn't get executed
• some upgrade/fix they rolled out fixed the corrupt data, recovered those "stuck" download queues and got them starting again
• now a device with a serial number of a previous download queue could get data not intended for its current owner

Now this is very speculative and I would surely hope Apple doesn't tie download tasks to device serial numbers. I don't know if the iCloud architecture is documented in a way that we can go verify this.

I honestly think that what this Reddit guy posted is complete BS, or that he doesn't remember well how he erased his device, or that he didn't have a PIN set (and therefore it was unencrypted). Otherwise, erasing an iPad removes the file system encryption keys from the Secure Enclave and there's no way to get the data back from the device itself.

And: if you have Advanced Data Protection active, this could never happen, as the newly reset iPad wouldn't own the keys to decrypt whatever is coming from the very speculative "iCloud download queues" I mentioned above.

 

[svish]

Very serious bug. Hope Apple fixes it immediately.

 

[fockx]

ONE (unconfirmed) report from a dubious user on reddit and the ludicrous knee jerk reactions to it from some here makes me wonder just one thing, WHAT in all that is holy were you guys storing on your devices/iCloud?

 

[JonathanParker]

The original reddit post that made this claim got deleted?

 

[ManuCH]

The original reddit post that made this claim got deleted?
View attachment 2379701

Indeed. Usually, if it smells like BS, it is. Here's a screenshot of the original post:

 

[HMI]

they might need to increase the trade-in value for all iOS 17.5 capable iPhones/iPads, just to keep people trading in. Makes me kind of happy I've always kept my older used devices instead of trading them in.

 

[Arctic Moose]

• the iCloud servers create "download queues" where they assign sync activities to individual devices based on their serial number (instead of the iCloud ID)

Yeah, this is exactly what I was going to suggest.

Also, without ADP turned on the photo data will actually not be encrypted at rest, making this scenario not only theoretically possible, but also actually quite plausible.

 

[JonathanParker]

I saw a video on TikTok which got 3.7M views… Apple will have no choice but to address this now

TikTok - Make Your Day

TikTok - trends start here. On a device or on the web, viewers can watch and discover millions of personalized short videos. Download the app to get started.

vm.tiktok.com

 

[JonathanParker]

I saw a video on TikTok which got 3.7M views… Apple will have no choice but to address this now

TikTok - Make Your Day

TikTok - trends start here. On a device or on the web, viewers can watch and discover millions of personalized short videos. Download the app to get started.

vm.tiktok.com

and another one with 935K views

TikTok - Make Your Day

TikTok - trends start here. On a device or on the web, viewers can watch and discover millions of personalized short videos. Download the app to get started.

vm.tiktok.com

 

[mrbkk]

How is this physically possible? If you erase the device it erases the encryption key for the storage meaning nothing can be read, then it's resurfacing photos from where?

Only place I can think of is iCloud backup. Apple never claimed those were encrypted.

 

[bobbie424242]

"What's on your iPhone stays on other people's iPhone"

 

[rid]

On the bright side, this likely means the photos are not from iCloud, but rather some decrypted cache still left on the device that somehow escaped getting deleted.

 

[JuicyGoomba]

Let’s assume for discussion purposes that (a) the previous owner performed the Apple-recommended “Before you sell or give away your iPhone” steps, including “Erase All Content and Settings” AND (b) this person is being truthful.

Assuming those to be true, it is difficult to see how this could happen.

Remember in iOS/iPadOS there is a different concept of users as compared to macOS, Windows, your favorite Linux distro, etc. On iOS you run as an account called mobile. On macOS you’d find the Photos library in /Users/yourusername/Pictures. On iOS photo data is on the data volume in /private/var/mobile/Media.

When you perform the “Erase All Content and Settings” operation, the key used to encrypt the data volume is deleted from the Secure Enclave. This renders all the data encrypted on the data volume inaccessible. Page 94 of the Apple Platform Security Guide has more detail.

For this scenario to actually happen, the encryption key would have to NOT be removed AND the new owner would have to essentially not write ANY of their own data to the iPhone. It seems impossible that the previous owner’s data would not be randomly overwritten by the new owner just using the device normally (installing apps, taking their own photos, etc.). Remember, there is no /Users/oldusername/Pictures hanging around, encrypted or otherwise. The old owner and new owner will both write their photo data to the same location in the file system. NAND flash will have data written all over it by the flash controller. I don’t see how the old owner’s data isn’t just randomly overwritten, encrypted or not.

Is it possible that in the event the encryption key is retained that the old owner’s photo data would be retrievable by the same iOS 17.5 bug? Sure. Photos would have to combine the old owner’s data encrypted with their key and merge it with the new owner’s data encrypted with their key and display it in the same library. I can’t see Apple writing code in the Photos app to do that.

If it is true, it’s catastrophic as the integrity of the system is completely compromised. It would mean that data beyond photos would be recoverable and that the implementation of the encryption scheme is worthless. Every “erased” device would be mineable for data. It just doesn’t seem very likely and it seems like something forensic experts, security researchers, jailbreakers, etc. would have previously found.

Why are you making things up to try and defend a trillion dollar corporation?

This has happened in the past when people using iCloud Photo sync with Windows' new Photos app, a system implemented by Apple in the wake of all the anti-competitive publicity, only to find that they were getting entirely different users photos in their gallery.

Apple has a history of this, and people like yourself just make the situation worse.

Please put down the Tim Apple-Aid.

 

[Pezimak]

Hey, if Apple screwed up then they deserve the heat, but this is a lot of speculation and doom-posting from a single anonymous Reddit comment with zero corroboration.

Very true, we'll need to see if anyone else confirms this next week.

 

[Elusi]

Making all other -”gates” small by comparison. Big yikes. Even if it’s just deleted photos for oneself.

Huge breach of trust. Disappointed.

 

[JuicyGoomba]

Making all other -”gates” small by comparison. Big yikes. Even if it’s just deleted photos for oneself.

Huge breach of trust. Disappointed.

I know a lot of it is down to how susceptible most people are to marketing and advertisements, but as someone who is capable of thinking independently and logically it makes no sense to me that anyone would put such a level of trust in any corporation, let alone one which actively monopolises for extreme profit.

There's so much hate on Google in here, but at least you know Google will protect the data as best they can, as it funds their entire business. Apple don't care about these incidents, it's bad PR for a couple of days then everyone forgets and goes back into the garden.

While Apple do certainly implement some precautions, such as blocking a lot of fingerprinting on web browsing for example, it's all just a fallacy to sell you a product. They don't actually care and incidents like this re-occuring with such frequency proves it.

At the end of it all, Apple are the same as all the other soulless public corporations. They exist to make share holders rich by exploiting their customers. Unless you take a more hardcore and involved approach, such as hosting your own PiHole setup, personal VPN, open source non-cloud software, etc, then this will always be an issue. Your privacy doesn't really exist at all if you're letting another entity be in control of it.