How to "format" an iPhone to clear your data completely

by Nilay Patel, posted May 21st 2008 at 3:56PM

We briefly mentioned using junk data to overwrite the iPhone's flash as a last-ditch method of securely clearing off your user data yesterday, and although we were half-joking, that's more or less your only option until Apple provides a proper secure erase feature. Security researcher Rich Mogull has helpfully laid out the steps for you, and they're basically what you'd expect: restore your iPhone, don't sync any personal data to it, and then manually transfer three different playlists large enough to fill the flash. Essentially you're doing a manual three-pass overwrite, which is pretty much exactly the long and tedious process it sounds like -- but we wouldn't dream of selling or giving away our iPhones (or any other phone with personal data on it) without struggling through it.

[Via Hack A Day]

Filed under: Cellphones

Tags: apple, how to, HowTo, iphone, security, user data, UserData

Reader Comments (Page 1 of 1)

Neutral

Annun @ May 21st 2008 4:03PM

What's the use of a 3 way pass with flash memory? You can't get information from previous write cycles from flash memory like you can with magnetic storage.

Neutral

Elijah @ May 21st 2008 5:58PM

Deleting something only changes the file's attributes or location to be unlisted, not permanently deleted unless you pass over that spot. If you just format the iPhone, it won't completely fill all of the space that contains unlisted files with blank data.

Neutral

cmonkey @ May 21st 2008 4:27PM

Even with modern magnetic storage you can't get the old information after one overwrite. 3 for flash memory is just a waste of time.

The trouble with this though is that there could be space reserved by the iPhone for things other than music.

Neutral

IT-Accountant @ May 21st 2008 4:41PM

Actually you can. It's quite easy with the proper programs.

Low Ranked

Bennish @ May 21st 2008 10:11PM

So, there's this many people selling their iPhones as 2nd hand that it makes a news story?

Wow, must be an awesome device. Everyone sells it after a few months of owning it

Neutral

Jonathan @ May 21st 2008 4:06PM

I love Apple, but for what Apple charges for their products , the profilts they are making today and all the employees their hire, this kind of stuff shouldn't be issues.

Neutral

striggity @ May 21st 2008 4:15PM

Precisely. I don't see how quality control could let something like "personal data integrity" go overlooked. I guess they didn't foresee people selling their iPhones, like the Pompous jerks they are. :-p

Neutral

rock99rock @ May 21st 2008 4:12PM

Haha he loves apple. Im gonna tell joey then steal your sandwich.

Neutral

JaceFace @ May 21st 2008 4:18PM

This annoyance goes beyond just personal information getting in the hands of somebody else. Like I have a JB phone, and sometimes some of the shit I install gets all funky and my phone will break. So I'll do a restore and its good. But when I reinstall anything all of the previous info is there. So like with games, it'll still have my high score. This bugs. I know there are some .plist files I can delete via AFP or SSH, but I really wish I could just "format" and truly start over!

Neutral

majortom @ Jun 10th 2008 7:01PM

dude, I like, totally read that as a BJ phone. Man, that is what I want..
a portable hummer.........:p

Neutral

Brad @ May 21st 2008 4:19PM

This really pisses me off. Having 'exchanged' two iPhones that broke after much use, I was assured by the apple store rep that performing the 'Erase all Content and Settings' would do just that.

I would have -never- turned those old phones in if I had know that they were not wiped. Credit card #'s, bank accounts, personal e-mail accounts, etc....all this is now available to whoever they pass the refurbished phone on to when I as under the impression that it was wiped??

I remember on my old blackberry if you entered a wrong password 10 times, the unit erased itself clean. Easy thing to do before selling/returning.

Signed,

A very angry and misled iPhone owner.

Neutral

sodapop @ May 21st 2008 4:41PM

Where are credit card numbers stored on an iPhone? Do you mean you bought something using Safari?

Neutral

Randy Kato @ May 21st 2008 4:29PM

Is it confirmed that this actually works? The screenshot that everybody is using is actually an image that the iPhone took when the user pressed the Home button, so it could do the zoom animation with it. I assume these temporary (system graphics) images are not stored in the same user-accessible areas of memory that this process would overwrite.

Neutral

Weeze-dog @ May 21st 2008 4:35PM

3-pass wipes still shouldn't guarantee a complete wipe. Most flash controllers have wear-level algorithims that are designed to keep one section of the flash from getting written to more than other sections. This is to increase the life span on the flash, but this also prevents you from guaranteeing that evey bit gets wiped because the controller doesn't write the data bit by bit one after the other, it jumps around the flash based on what section of the flash has less wear on it. You would have to fill up every single bit on the memory, but I believe that flash as extra memory to compensate for bad-blocks, so even then you may not get everything.

Neutral

sodapop @ May 21st 2008 4:40PM

Thanks for the solution. My old iPhone is most likely going to my brother.

Neutral

Anthony @ May 21st 2008 4:55PM

I wonder if any of the V2 software folks have run across a remote kill feature. If apple plans on selling to corp's then I can name a few that won't buy PDA/Phone's without remote kill.

Low Ranked

Ryan @ May 21st 2008 4:57PM

dose it blend?

Neutral

fourthletter @ May 21st 2008 5:06PM

I have much more full proof method

Take a hammer beat that iphone into small pieces then insert into the industrial incinerator of your choice :)

The above method also works for removing those annoying finger smears that make the iPhone so goddamn useable.

Neutral