Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Is the built in iPhone erase function secure enough or should I do more?

Posted on 2011-05-04
5
Medium Priority
?
921 Views
Last Modified: 2012-05-11
To securely erase all my data from an iPhone 3G, is the built in functionality sufficient or is data recovery still possible? Should I be doing something else in addition to this, should I run the erase function multiple times?
0
Comment
Question by:ThorinO
5 Comments
 
LVL 16

Expert Comment

by:Raymond Peng
ID: 35694821
The remote wipe feature is very secure as well as the secure delete via --

Settings > General > Reset > Erase All Contents and Settings.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 35694930
It's much faster to plug it into iTunes and click restore. Takes about 10 min. I used the option on the device and it took 2 hours.
0
 
LVL 10

Expert Comment

by:Madjax
ID: 35697190
Here is some info:

http://www.wired.com/gadgetlab/2009/07/iphone-encryption/

title says it all. I have a iPhone and I wouldn't sell it to a stranger. ;-)

/MadJax
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 35698877
That article has nothing to do with the current question. It's about extracting data from a locked phone. Not a wiped phone.
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 35711072
Actually for secure erase of iphone, there is some inherent action of this already e.g.

a) In an MS exchange server environment, for local wipe (command initiated locally and wiping locally), it uses passcode setting policy, when failed passcode attempts reached an threshold, the device is wiped. By default, iPhone will automatically wipe the device after 10 failed passcode attempts. Users can also wipe a device in their possession by choosing “Erase All Content and Settings” from the Reset menu in General settings. (http://support.apple.com/kb/ht2110), For accounts etc see also http://www.askdavetaylor.com/how_to_wipe_erase_delete_old_apple_iphone_clean_data.html

b) In an MS exchange server environment, for remote wipe (command initiated remotely, still locally wiping), the administrator or device owner can issue a remote wipe command that removes all data and deactivates the device. On iPhone 3GS (and iPAD), wiping removes the encryption key to the data (which is encrypted using 256-bit AES encryption) which occurs instantaneously. More details in the document below.

@ http://images.apple.com/iphone/business/docs/iPhone_Security.pdf (pg 3)
@ http://support.apple.com/manuals/en_US/Enterprise_Deployment_Guide.pdf (pg 9 & 33)

For Mac OSX, I understand their secure wipe process follow US DoD standards

@ http://support.apple.com/kb/HT3680

Hence, iPhone would be following though I did not search further to confirm. Also according to the Center for Magnetic Recording Research, "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."

@ http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf

I also see the wiping of the encryption as another means of secure erase, as the device is already "scrambled" (encrypted) and without the key, we can not easily get the plain data, hence achieving same outcome as secure erasure. If we want to be more assure, have another software to the wiping. Understand in the past, there is also an iWipe app available in the Cydia store at $2.99 for jailbroken iphones, that wipes free space.

@ http://www.protectstar.com/index.php?site=en_ishredder_fuer_iphone_ipad_ipod_touch

Of course for "cheaper" approach, you can check out.

@ http://www.ilovefreesoftware.com/08/windows/file/permanently-delete-files-permanently-delete-folders.html

One option would be to put it into disk mode and then use an external utility to do the wiping. Run Eraser or any free tool

@ http://www.methodshop.com/gadgets/ipodsupport/diskmode/index.shtml
@ http://lifehacker.com/395743/completely-erase-your-iphones-data

0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Spectre and Meltdown, how it affects me and my clients?
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question