Refurbed iPhones not so secure

Thinking about selling your iPhone in anticipation of the upcoming 3G launch? Proceed with caution. According to iPhone Atlas, “deleted” user data can still be recovered by future owners. It seems that user data remains in unused portions of the device’s NAND memory, even after a full wipe has been executed. A recent attempt to mine data from a fresh-out-of-the-box refurbished unit revealed a significant amount of sensitive data, including emails, contacts, and more. To be fair, the miner recovered the data with professional-grade forensics software, so you probably won’t have much to worry about from the average end user, but it’s still something to be mindful of if you’re looking to sell your unit secondhand.

19 comment(s) for this post.

  1. On May 20, 2008 @ 3:19 pm, J.C. Said:

    Oh my!

  2. On May 20, 2008 @ 3:34 pm, Hinano Said:

    lol sucks for them lol

  3. On May 20, 2008 @ 3:36 pm, xultar Said:

    ROFL!!!

  4. On May 20, 2008 @ 3:47 pm, Halorin Said:

    Go Apple!!

  5. On May 20, 2008 @ 4:21 pm, jelly Said:

    Won’t be an issue unless everyone knows the info is there and they go looking for it. And that won’t happen, it’s not like someone is going to post this on the internet

  6. On May 20, 2008 @ 4:38 pm, keymaker Said:

    This is not only iPhone related. Forensics can be done on any device, otherwise I don’t think the government will allow it to be sold

  7. On May 20, 2008 @ 5:06 pm, jon Said:

    Not so, keymaker. When you use the built-in secure wipe on a Blackberry, it overwrites both the RAM and flash memory four times. Seems like somebody thought of this… in 2004.

  8. On May 20, 2008 @ 6:12 pm, sudsboi84 Said:

    LOL Would never hear about this kind of security flaw on a blackberry

  9. On May 20, 2008 @ 7:59 pm, keymaker Said:

    I’ll repeat it again for you: forensics can be done on any device, digital cameras, HDD, phones, anything that has a storage feature. There’s no such thing as secure wipe or erase; even if you were to take the drive apart & smash it with a hammer, data can still be recovered, that’s why no one had jumped at this before. Even if Apple comes out & tells you it overwrites 20 times when a restore is made, the unit will still be vulnerable to law enforcement, iPhone & any device, otherwise it will not be on the market

  10. On May 20, 2008 @ 8:08 pm, J Said:

    “Even if Apple comes out & tells you it overwrites 20 times when a restore is made, the unit will still be vulnerable to law enforcement, iPhone & any device, otherwise it will not be on the market”

    Do you have anything other than paranoid speculation to back this up?

  11. On May 20, 2008 @ 8:13 pm, Jeff B. Said:

    I’m pretty sure that it would still be on the market, just if people saw it advertised they wouldn’t touch it with a 10 foot pole.

  12. On May 20, 2008 @ 8:17 pm, W Said:

    BlackBerry security wipe (page 67):
    http://na.blackberry.com/eng/deliverables/799/BlackBerry_Enterprise_Solution_Security_Technical_Overview%5B1%5D.pdf

    No one’s going to read it after that.

  13. On May 20, 2008 @ 8:26 pm, leetgnnr Said:

    The BlackBerry has been security certified by multiple security agencies and governments. I believe the BlackBerry product has repeatedly touted their security features while the iPhone does not pretend to be nearly as secure a device. Most end users don’t need or care. So unless you can show where in the BlackBerry’s wipe process it fails to remove user data let us all know

  14. On May 20, 2008 @ 8:56 pm, ppcmd Said:

    Sounds like sour grapes from iPhone users (and PalmOS, WinMobile etc). So you can carry lots of music and movies and flick through your files but you can’t secure wipe your own, well you know.

  15. On May 20, 2008 @ 9:42 pm, backbeat Said:

    @ppcmd - You’re entirely too old to be acting like a child, goading the lowbrow fighting of OS v OS. TechnoFascism is _so_ 2000.

  16. On May 20, 2008 @ 10:41 pm, ppcmd Said:

    Age has nothing to do with it, but the fact that Apple touts their device as so perfect and without fault you have to shove it in Jobs’s face to make your point.

    BTW I own quite a bit of MAC gear and love my MAC gear and use Windows XP just so I can sync my BB data.

    The end result is I have the best desktop paired to what I feel is the best Mobile device for me and secure device it is.

  17. On May 21, 2008 @ 12:32 am, J Said:

    “TechnoFascism is _so_ 2000.”

    The rest of the internet missed this memo

  18. On May 21, 2008 @ 2:32 am, Galvatron Said:

    Anybody who wants your identity bad enough, i.e. fraudsters, 419 scammers and identity thieves, will grab it. All they need is some Adderall or meth to raise their attention span and go into OCD mode. A SN is worth over $5000 to a fraudster or a coyote smuggler to help illegals get in on the grid and open bank accounts, get a license, etc.

    They can read your stored emails, get account references, credit card numbers with the PIN codes,

    email addresses, phone numbers to social engineer people for other stuff, Kevin Mitnick style.

    And all you need is the interface USB cable and a program to read the memory addresses, which shouldn’t take long. You can get readers with software for this kind of thing if you know where to look.

    Then somebody else can say all your passwordz belong 2 us.

    Once again this goes back to Apple’s illusion of security.

  19. On May 25, 2008 @ 12:38 am, SlimXero Said:

    “Do you have anything other than paranoid speculation to back this up?”

    This is so well known that even the TV show NUMB3RS covered it in the first season. Whenever data is stored to a device (both on platters on a hard drive AND on NAND memory) the data is stored by magnetics (platters) or electronic impulses (NAND). In the case of platters, that magnetic information is stored on the platters, but as is the nature of magnetics, the data also exists above the surface of the platters (anyone who knows ANYTHING about how magnets work knows that magnetic fields flow around any device with magnetic properties). When the data is *securely wiped*, those magnetic fields often continue to retain the data that was originally stored on the platters. I’m not 100% on the science behind it, but ghost data also exists in NAND devices.

    Also, anyone thinking you can just use a magnet to erase the data, think again. Modern hard drives are shielded extremely well, and (and I can say this from personal experience) even if you remove the case, it’s still not an easy task to erase data with a standard earth magnet.
