Apparently, hitting the “restore” function as a means to erase data does not actually erase personal data. Personal information remains “in the unallocated blocks of the iPhone’s NAND memory,” explain iPhone developer Jonathan Zdziarski. Oregon state detectives are reported to have recovered sensitive data from a refurbished iPhone using forensic software.
Zdziarski posted this in his blog: “A verified detective from the Oregon State Police notified me this afternoon that an out-of-the-box refurbished iPhone he purchased contained recoverable personal data including email, personal photos, and even financial information which he was able to recover using my forensic toolkit. The photos he sent me included the individual’s name, which I’ve blurred out myself, but if you’ve ever had to return a defective iPhone, you might recognize this inbox. The more sensitive information hasn’t been posted here for obvious reasons.”
What is worst is that the restore process will restore original OS files over the old files in the same location on the NAND, throwing out that slight chance of data corruption. Zdziarski describes the restore function as being an equivalent of performing a “quick format” on the iPhone, and a low-level format of the NAND is needed. However, no such means are currently available to the public.
While forensic software is currently the only way to recover data, refurbished iPhones will still likely contain data from the previous owner and will be easily accessible to those with proper software. The next generation iPhone is being readied for release, one can bet there will be a flood of used and refurbished iPhones floating around in the market in the coming months.