Stephen Freeman Rotating Header Image

June 4th, 2008:

Do you know where your iPhone is?

Scary security story about personal data not being flushed on iPhones at http://www.zdziarski.com/

A few days ago, I posted a discovery in that personal data remains intact (in deleted portions of the file system) following a full iPhone restore. As it turns out, Apple themselves may not have been aware of this. Thank goodness, otherwise identity theft might actually be, like, hard. A detective from the Oregon State Police, whom I’ve verified, notified me this afterrnoon that an out-of-the-box refurbished iPhone he purchased directly from Apple contained recoverable personal data. This included email, personal photos, and even financial information that he was able to recover using my forensic toolkit. Needless to say, the original owner was quite surprised. He informed me that the device had been returned to Apple under a warranty exchange only a few months ago, suggesting that Apple has been using an insecure refurbishing process for the past year. Here are some blurred screenshots of just some of the data recovered: