Reselling your used iPhone can be risky business if the device contains sensitive data. Normal restore and wipe procedures don't fully delete user daa from the iPhone. In fact, iPhones sold as refurbished units may contain personal data from their previous owners that, with a little leg-work, is readily accessible by new owners. These data include email, images, contacts and more.
With a new iPhone model expected to debut in a matter of days or weeks, many current-generation iPhone owners are looking to unload their devices on eBay or elsewhere, potentially triggering a flood of unintentional personal data release. Fortunately, there is a method that, while time consuming, will significantly decrease the chance of new owners culling stored data from used iPhones.
Jonathan Zdziarski, the author of the "iPhone Open Application Development" and an iPhone Forensics Manual for Law Enforcement who has done most of the research on recovering ostensibly deleted data from refurbished or resold iPhones, has now published information on safely deleting information from the devices, making them appropriate for resale.
"What I will share, however, is the way in which I wipe my own devices before I resell them, which I believe the consumer has a right to do. Mind you, I make no guarantees about this and accept no responsibility for you hosing your iPhone. This is what works for me:
He describes the process as follows:
- "Perform a full restore, but be sure to set the device up as a "new phone", rather than restore from a backup (of course). This destroys the live file system only, but isn't really necessary. I do this to be extra safe that no writes to the device occur after wiping (and if they do, will not include any of my personal data).
- "Jailbreak the device using something like iLiberty and obtain shell access via ssh.
- "Find a copy of 'umount' for the iPhone. This can be found on the RAM disk, or in other places. Don't ask me for it. Now force both mount points into read-only mode:
- # umount -f /private/var
- # mount -o ro /private/var
- # mount -o ro /
- "NOTE: The GUI will be non-responsive when /private/var is mounted read-only, so be sure not to try and use it.
- "Wipe both partitions clean by copying /dev/zero over them. Ideally, /dev/random would be better, but it will heat up the CPU considerably and take a much longer period of time. Unless you are trying to hide information from the CIA or some other organization with the resources to perform low-level NAND recovery, a single /dev/zero wipe will suffice:# cat /dev/zero > /dev/rdisk0s2; cat /dev/zero > /dev/rdisk0s1
- "Force the device into recovery mode (Home Power until "Connect to iTunes") and then perform another full restore.
- "If you are paranoid about a low-level NAND recovery, use /dev/random and repeat these steps about seven times - or simply take a sledge hammer to the device.
"The entire process takes a considerable amount of time - perhaps an hour or two if you get good at it. It's not something anyone is going to be able to pull off if they hear sirens approaching, and so essentially this is only useful for legitimate consumers selling their devices. I'd also recommend wiping any devices you might happen to purchase, to prevent someone else's incriminating evidence from haunting you should the device ever be examined. "