iphone security for a trade-in. (1 Viewer)

TheForce

Thread Starter
SatelliteGuys Master
Supporting Founder
Pub Member / Supporter
Oct 13, 2003
31,264
9,040
Jacksonville, FL, Earth
This is specifically about an iphone that is turned in to Apple for a trade up program.

A friend just got a new iphone as a trade up and as such gave the Apple employee their existing iphone complete with all their itunes account info, passwords and e-mail records of all sorts of confidential information contained. They are not even sure how much of this was stored in various places on the phone. In addition there were personal pictures stored as well.

I'm not that familiar with the Apple trade up process but I am quite concerned this friend may have completely compromised their personal security and set themselves up for a possible nightmare if this information is used by dishonest people.

He was completely naive but I alerted him of the possibilities if the old phone gets into the wrong hands before it is destroyed. I suggested they immediately change all their passwords to all their accounts. Do them all.
Next I said they will need to pull their credit report and verify all existing accounts and monitor activity and if anything looks suspicious execute a fraud and alert and identity theft advisory ASAP. I've heard so many horror stories about the multiyear nightmares that begin as a result of compromised security info from smartphones and laptops

Am I being overly paranoid or is the iphone totally immune to data theft? ( I doubt that) Why would an Apple employee refuse to give the older iphone a lobotomy immediately? In fact they didn't even offer to do an in-store transfer from the old iphone and told them to just do it at home with their itunes account which will recover their calendar and contacts. Two years ago, I bought my son-in-law a new iphone for his birthday and the store salesman volunteered to transfer everything over while we waited. Then gave the older phone back to him.
 

JAG72

SatelliteGuys Master
Feb 16, 2006
8,524
57
Earth
Two years ago, I bought my son-in-law a new iphone for his birthday and the store salesman volunteered to transfer everything over while we waited. Then gave the older phone back to him.

If you are worried about you friend then you should be also worried about your son-in-law. The way they would transfer the data over to the new phone would be to copy it to a Mac in the store an then over to the new phone. All of his data was most likely left at the store as well.
 

TheForce

Thread Starter
SatelliteGuys Master
Supporting Founder
Pub Member / Supporter
Oct 13, 2003
31,264
9,040
Jacksonville, FL, Earth
That is true. Today, I think my SIL has much more to lose as like most people has learned to use the iphone for more than just keep his phone number list and e-mail. Then there is that itunes account that seems to go with every iOS. Bottom line iOS is a high security risk. Few people I know relying on iOS stuff practice safe security. Most consider it an annoyance until it is too late. Today, I worry over it more than everyone else I know except this satguys group.

I read up on this last evening and was shocked at how iphones are being compromised every day now. More and more people are getting hacked but also more and more hackers are getting caught too. I guess the real question in this case is how secure the Apple Store procedures are.
 

Claude Greiner

SatelliteGuys Master
Supporting Founder
Sep 8, 2003
13,225
3,761
Detroit - The Paris of the Midwest
I don't see the security risk beyond changing your Itunes and email password.

The person who tests out the phone will more likely turn it on and see if it powers up and functions properly and go into the settings and wipe the phone clean.

Worse case scenario, whoever handels the phone will probably look at the pictures and see if there isn't any naked or sexy candid pictures of a girl stored on the phone before he wipes it.
 

rockymtnhigh

Hardly Normal
Supporting Founder
Apr 14, 2006
30,186
911
Normal, IL
Trading in a phone like that sounds risky for sure. But all smartphones entail risk -- Android just as much. And while iOS has a Apple ID tied to it, Android has a google account tied to it.

Both entail risks. At least Apple requires you to punch in your password every-time you go buy something. On Android, hit purchase in the market, and no password is required.
 

TheForce

Thread Starter
SatelliteGuys Master
Supporting Founder
Pub Member / Supporter
Oct 13, 2003
31,264
9,040
Jacksonville, FL, Earth
I appreciate the reassurance there is nothing to worry about. While some, in their ignorance, will not have a care in the world, until they become a victim, I am the opposite and get overly paranoid over such risky lack of control. I suppose it's because my only cases of CC number theft have been by hotel employees. It probably would be at restaurants too but I never pay for a meal with a credit card. Always use cash or bill to my hotel room just because of the lack of control over my card.

As I recall the main issue with my friend's iphone was some dead touch areas of the screen making some things difficult to do. I had a similar issue with an old windows Mobile phone, XV6600 and I did a factory default reset and pulled the SD card before turning it in to the store tech for a new one exchange. Some people do banking on their phones. I don't. Too afraid to.

Last Spring I lost my Thunderbolt. As soon as I discovered it, I called the phone and a guy answered. I explained that I was the owner and lost it. He told me one of his customers found it outside his restaurant and turned it in. He said he had a friend who was a phone hacker and he tried to get into the phone to get an ID and couldn't break the strange graphic. ( On the T-Bolt you have to draw a pattern on the screen to open it.) So, I made a time to meet with the guy and got my phone back. My problem was that the belt case slipped off my belt. Now I have a different case that I have to feed the belt through loops. It was good to know that my phone was secure. However, I do know that the micro SD card could have been compromised. It's hard to get to unless you know the phone. Because of that incident I also now password protect my phone backups stored on the card.
 

rockymtnhigh

Hardly Normal
Supporting Founder
Apr 14, 2006
30,186
911
Normal, IL
I appreciate the reassurance there is nothing to worry about. While some, in their ignorance, will not have a care in the world, until they become a victim, I am the opposite and get overly paranoid over such risky lack of control. I suppose it's because my only cases of CC number theft have been by hotel employees. It probably would be at restaurants too but I never pay for a meal with a credit card. Always use cash or bill to my hotel room just because of the lack of control over my card.

As I recall the main issue with my friend's iphone was some dead touch areas of the screen making some things difficult to do. I had a similar issue with an old windows Mobile phone, XV6600 and I did a factory default reset and pulled the SD card before turning it in to the store tech for a new one exchange. Some people do banking on their phones. I don't. Too afraid to.

Last Spring I lost my Thunderbolt. As soon as I discovered it, I called the phone and a guy answered. I explained that I was the owner and lost it. He told me one of his customers found it outside his restaurant and turned it in. He said he had a friend who was a phone hacker and he tried to get into the phone to get an ID and couldn't break the strange graphic. ( On the T-Bolt you have to draw a pattern on the screen to open it.) So, I made a time to meet with the guy and got my phone back. My problem was that the belt case slipped off my belt. Now I have a different case that I have to feed the belt through loops. It was good to know that my phone was secure. However, I do know that the micro SD card could have been compromised. It's hard to get to unless you know the phone. Because of that incident I also now password protect my phone backups stored on the card.

Your phone was secure, but the pattern lock is just as easy to break as the 4-digit password, just a matter of persistence. I have a 4-digit lock on mine. Not sure it protects me, but better than NOT having a 4 digit password.
 

rglore

Pub Member / Supporter
Pub Member / Supporter
Mar 12, 2006
1,653
94
Louisville
You can also switch the iPhone's 4 digit simple passcode to complex passcode in the settings menu for more security.
 

mike123abc

Too many cables
Supporting Founder
Sep 25, 2003
23,309
1,930
Norman, OK
I have the 10 tries and erase enabled on mine. I tested it one time. It takes a long time to do it since after a few tries it starts making you wait hours before you can try again. I guess that they want to make sure you do not erase your phone when too drunk to type...
 

Pepper

DVR Addict~Mad Scientist
Supporting Founder
Mar 16, 2004
8,186
1,052
Satsuma, AL
I am not at all worried about iOS security on my devices, but I follow a few logical precautions.

1. passcode on the device (a good one, not the same as your bank card pin!)
1a. KeypadTransparency (Cydia tweak) makes the keypad almost invisible when entering the code
2. Because it's jailbroken, make sure default passwords are changed
3. device is activated with MobileMe/Find my iPhone so they can track me, er, that is, so I can track the phone if lost/missing and remote wipe if necessary
4. The data partition of iOS is encrypted since version 4.0 if I remember correctly
5. If I ever need to trade it in or send it back, of course it would be wiped and restored to factory first
6. (another Cydia tweak) Internalizer: the lock screen has "Property of [my name]; reward if found; [my alternate phone numbers]" plastered on it

Point of information: A "hacker" is somebody like comex or musclenerd who figured out how to jailbreak the phone or other similar activities. A "cracker" is a criminal who breaks in and steals your information.

Your friend is "probably" ok. His email and other passwords would be stored in an encrypted form. That said, anyone with physical access to the device, unlocked, would have access to those email accounts or other resources as long as the passwords remained unchanged, and would have permanent access to whatever is already downloaded locally on the device.
 
Last edited:

Users who are viewing this thread

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Latest posts

Top