Personal Information Recovered From Refurbished iPhone

Some disturbing information has come about that might make you think twice about handing in your old iPhone to Apple to be refurbished. An Oregon State police officer was able to recover email, photos, and other data from an "out-of-the-box refurbished iPhone" he had purchased. Jonathan Zdziarski was contacted by the officers who found the information.

He wrote:

“A verified detective from the Oregon State Police notified me this afternoon that an out-of-the-box refurbished iPhone he purchased contained recoverable personal data including email, personal photos, and even financial information which he was able to recover using my forensic toolkit. The photos he sent me included the individual’s name, which I’ve blurred out myself, but if you’ve ever had to return a defective iPhone, you might recognize this inbox. The more sensitive information hasn’t been posted here for obvious reasons.”

Below is an actual screenshot (with the sensitive information removed) of a screenshot taken by the mail application when generating the zoom effect we so often see, which the iPhone actually uses a screenshot to generate. The screenshot was recovered from the device. The officer recovered more than 40 of these kind of images from the device.

Mr. Zdziarski had posted his discovery that the iPhone did not completely erase personal information on his blog a few days earlier.

The security implications of this are severe.

[Johnathan Zdziarski's Web Site via iPhone Atlas]