2

My friend's iPad 2 Air fell to the ground and something malfunctioned and the device stopped working. She took it to a repair shop where they looked at what they could do to fix it. They said if they can't do anything then they offer to get rid of it for her (model out of warranty and Apple won't replace it anyway).

How safe is it to give the device to anyone? Is there a possibility that someone (not the specific store, but in general) could be able to get personal information from the device extracted for their own purpose? Personal information includes any kind of tokens in the device's storage, files etc

schroeder
  • 123,438
  • 55
  • 284
  • 319
Jim
  • 173
  • 4

1 Answers1

3

It's going to be impossible to tell what can be extracted from a non-functioning device without inspecting it. It is impossible for us to know what has malfunctioned or how or if storage is accessible or damaged.

So, yes, there is a possibility that someone could extract any amount of data. If you want to be on the safe side, and you cannot factory reset (and be sure that the reset worked), then destroy the device instead of giving it to just anyone.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • But isn't the storage encrypted by default for apple? – Jim Sep 04 '18 at 21:18
  • Possibly. What version of iPad? What IOS version? How was the device configured? – schroeder Sep 04 '18 at 21:19
  • iPad 2 Air. I think iOS 11.0+. I don't know what you mean by device configuration – Jim Sep 04 '18 at 21:21
  • By "configured", I mean, was encryption turned on? off? etc. How complex was the passcode? – schroeder Sep 04 '18 at 21:30
  • That I don't know. I was under the impression that the encryption is on by default and I really doubt she has changed the default. 4 digit passcode and was not 1234 or all same digits – Jim Sep 04 '18 at 21:32
  • 1
    The point is that the device is now a completely unknown factor. It is supposed to fail safe and be encrypted by default, but you cannot verify that. So, you are left with making a guess in the dark. If everything works correctly, then you should have a reasonable level of safety. But, you already know that everything is not working correctly and you cannot know how it is functioning right now. Safe side, destroy properly. Chances that an encrypted device can be decrypted after physical damange? Very low. So, how's your tin foil hat fitting today? – schroeder Sep 04 '18 at 21:38
  • I was wondering why you mention destroy and not return to apple even without anything in return? – Jim Sep 04 '18 at 21:49
  • What do you mean "anything in return"? – schroeder Sep 04 '18 at 21:53
  • Usually either they replace the device (in warranty) or they offer a discount for newer model or they just take it without any offer for recycle – Jim Sep 04 '18 at 21:56
  • I feel that I have answered you. Is it possible that they could get data off of it? Yes. Maybe. Which means that to protect that data, you need to destroy the device. If you want a discount, you can give them the device and there is a low chance that they would be able to extract data. – schroeder Sep 04 '18 at 21:59
  • @schroeder iOS devices are encrypted by default since the iPhone 4. The relevant question is the security of the passcode and if the device was updated to the latest OS. – user71659 Sep 04 '18 at 23:40
  • @user71659: Seems that one needs to actually enable encryption according to this https://www.macworld.com/article/1160313/iPad_security.html – Jim Sep 05 '18 at 10:00
  • @schroeder:if encryption is on does it require 2 PINs? My friend does not remember if she explicitly set something – Jim Sep 05 '18 at 10:01
  • @user71659 and with the suggestion that there might be tools for Apple to break that encryption, then handing it to Apple might result in the possible extraction of data. Yes, that's a lot of "mights" and "maybes", but the question is if it is "possible". – schroeder Sep 05 '18 at 11:40