Apple iPhone user data cannot be safely erased

Here’s a worrying thought: that faulty/unwanted iPhone you returned to Apple has been refurbished and shipped out to a new customer with your personal data there for the taking.

Well, if the findings of iPhone hacker Jonathan Zdziarski are accurate, it appears to have happened. On his blog, Zdziarski details his efforts to recover data from a refurbished iPhone that came directly from Apple. He used his own “forensic toolkit” to extract all manner of personal data from the device.

And that’s not all. Worryingly, Zdziarski reckons that the iPhone’s Restore Mode – on which users may rely to erase their personal data – doesn’t safely erase information from the device’s memory. The reason for this, Zdziarski explains, is that the iPhone’s NAND memory isn’t formatted during the Restore operation.

On the plus side, Zdziarski says that such data-recovery techniques would be beyond most mere mortals. As well, his self-developed forensic toolkit is being made available only to “law-enforcement personnel”. And as journalists don’t operate as a police force, it looks like we’ll have no way of checking Zdziarski’s work. However, he’s clearly a clever individual and has a reliable track record in these matters.

So, consider this come June 9th as you trade in that scuffed iPhone for a shiny 3G model.

[via Jonathan Zdziarski's blog ]