Is the built-in iPhone erase function secure enough or should I do more?

Posted on 2011-05-04
Last Modified: 2012-05-11
To securely erase all my data from an iPhone 3G, is the built-in functionality sufficient or is data recovery still possible? Should I be doing something else in addition to this? Should I run the erase function multiple times?
Question by:ThorinO
    LVL 16

    Expert Comment

    The remote wipe feature is very secure as well as the secure delete via --

    Settings > General > Reset > Erase All Contents and Settings.
    LVL 38

    Expert Comment

    by:Aaron Tomosky
    It's much faster to plug it into iTunes and click restore. Takes about 10 min. I used the option on the device and it took 2 hours.
    LVL 10

    Expert Comment

    Here is some info:

    Title says it all. I have an iPhone and I wouldn't sell it to a stranger. ;-)

    LVL 38

    Expert Comment

    by:Aaron Tomosky
    That article has nothing to do with the current question. It's about extracting data from a locked phone. Not a wiped phone.
    LVL 60

    Accepted Solution

    Actually, for secure erase of the iPhone, there is some inherent action of this already, e.g.

    a) In an MS Exchange Server environment, for local wipe (command initiated locally and wiping locally), it uses the passcode setting policy: when failed passcode attempts reach a threshold, the device is wiped. By default, iPhone will automatically wipe the device after 10 failed passcode attempts. Users can also wipe a device in their possession by choosing “Erase All Content and Settings” from the Reset menu in General settings. (, For accounts etc see also

    b) In an MS Exchange Server environment, for remote wipe (command initiated remotely, still locally wiping), the administrator or device owner can issue a remote wipe command that removes all data and deactivates the device. On iPhone 3GS (and iPad), wiping removes the encryption key to the data (which is encrypted using 256-bit AES encryption), which occurs instantaneously. More details in the document below.

    @ (pg 3)
    @ (pg 9 & 33)

    For Mac OS X, I understand their secure wipe process follows US DoD standards


    Hence, iPhone would be following though I did not search further to confirm. Also according to the Center for Magnetic Recording Research, "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."


    I also see the wiping of the encryption key as another means of secure erase, as the device is already "scrambled" (encrypted) and without the key, we cannot easily get the plain data, hence achieving the same outcome as secure erasure. If we want to be more assured, have another piece of software do the wiping. Understand in the past, there is also an iWipe app available in the Cydia store at $2.99 for jailbroken iPhones, that wipes free space.


    Of course for "cheaper" approach, you can check out.


    One option would be to put it into disk mode and then use an external utility to do the wiping. Run Eraser or any free tool
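
Added example, not part of any post in this thread: a small Python model of the key-removal wipe the accepted answer describes, next to a single-pass overwrite. `EncryptedVolume`, `SAMPLE` and the HMAC-SHA256 keystream are assumptions made for illustration; the keystream is a standard-library stand-in for the 256-bit AES the answer mentions.

```python
import hashlib
import hmac
import os

# Constructed sample data standing in for user content on the device.
SAMPLE = b"constructed record: contacts, mail, photos\n" * 1000

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), NOT the AES
    encryption the answer mentions. XOR makes it its own inverse."""
    out = bytearray()
    for off in range(0, len(data), 32):
        counter = (off // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class EncryptedVolume:
    """Hypothetical model: bulk flash holds only ciphertext, and the
    256-bit key sits in a small, separately erasable area."""

    def __init__(self, plaintext: bytes):
        self.key = bytearray(os.urandom(32))
        self.nonce = os.urandom(16)
        self.flash = keystream_xor(bytes(self.key), self.nonce, plaintext)

    def read(self) -> bytes:
        return keystream_xor(bytes(self.key), self.nonce, self.flash)

    def key_wipe(self) -> int:
        """Wipe by replacing the key; returns bytes that had to be written."""
        self.key[:] = os.urandom(32)  # old key is gone, flash is untouched
        return len(self.key)

    def overwrite_wipe(self) -> int:
        """Single-pass overwrite of every stored byte, for comparison."""
        self.flash = bytes(len(self.flash))
        return len(self.flash)

def demo() -> dict:
    vol = EncryptedVolume(SAMPLE)
    assert vol.read() == SAMPLE          # readable while the key exists
    leftover = vol.flash
    result = {"key_wipe_bytes": vol.key_wipe()}
    result["ciphertext_unchanged"] = vol.flash == leftover
    result["plaintext_in_leftover"] = b"contacts" in leftover
    result["readable_after_wipe"] = vol.read() == SAMPLE
    result["overwrite_bytes"] = EncryptedVolume(SAMPLE).overwrite_wipe()
    return result
```

The model assumes the old key cannot be recovered from wherever it was stored; the ciphertext itself is left in place by a key wipe.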


