We briefly mentioned using junk data to overwrite the iPhone's flash as a last-ditch method of securely clearing off your user data yesterday, and although we were half-joking, that's more or less your only option until Apple provides a
proper secure erase feature. Security researcher Rich Mogull has helpfully laid out the steps for you, and they're basically what you'd expect: restore your iPhone, don't sync any personal data to it, and then manually transfer three different playlists large enough to fill the flash. Essentially you're doing a manual three-pass overwrite, which is pretty much exactly the long and tedious process it sounds like -- but we wouldn't dream of selling or giving away our iPhones (or any other phone with personal data on it) without struggling through it.
[Via
Hack A Day]
posted May 21st 2008 3:56PM
What's the use of a 3 way pass with flash memory? You can't get information from previous write cycles from flash memory like you can with magnetic storage.
Deleting something only changes the file's attributes or location to be unlisted, not permanently deleted unless you pass over that spot. If you just format the iPhone, it won't completely fill all of the space that contains unlisted files with blank data.
Even with modern magnetic storage you can't get the old information after one overwrite. 3 for flash memory is just a waste of time.
The trouble with this though is that there could be space reserved by the iPhone for things other than music.
Actually you can. It's quite easy with the proper programs.
So, there's this many people selling their iPhones as 2nd hand that it makes a news story?
Wow, must be an awesome device. Everyone sells it after a few months of owning it
I love Apple, but for what Apple charges for their products , the profilts they are making today and all the employees their hire, this kind of stuff shouldn't be issues.
Precisely. I don't see how quality control could let something like "personal data integrity" go overlooked. I guess they didn't foresee people selling their iPhones, like the Pompous jerks they are. :-p
Haha he loves apple. Im gonna tell joey then steal your sandwich.
This annoyance goes beyond just personal information getting in the hands of somebody else. Like I have a JB phone, and sometimes some of the shit I install gets all funky and my phone will break. So I'll do a restore and its good. But when I reinstall anything all of the previous info is there. So like with games, it'll still have my high score. This bugs. I know there are some .plist files I can delete via AFP or SSH, but I really wish I could just "format" and truly start over!
dude, I like, totally read that as a BJ phone. Man, that is what I want..
a portable hummer.........:p
This really pisses me off. Having 'exchanged' two iPhones that broke after much use, I was assured by the apple store rep that performing the 'Erase all Content and Settings' would do just that.
I would have -never- turned those old phones in if I had know that they were not wiped. Credit card #'s, bank accounts, personal e-mail accounts, etc....all this is now available to whoever they pass the refurbished phone on to when I as under the impression that it was wiped??
I remember on my old blackberry if you entered a wrong password 10 times, the unit erased itself clean. Easy thing to do before selling/returning.
Signed,
A very angry and misled iPhone owner.
Where are credit card numbers stored on an iPhone? Do you mean you bought something using Safari?
Is it confirmed that this actually works? The screenshot that everybody is using is actually an image that the iPhone took when the user pressed the Home button, so it could do the zoom animation with it. I assume these temporary (system graphics) images are not stored in the same user-accessible areas of memory that this process would overwrite.
3-pass wipes still shouldn't guarantee a complete wipe. Most flash controllers have wear-level algorithims that are designed to keep one section of the flash from getting written to more than other sections. This is to increase the life span on the flash, but this also prevents you from guaranteeing that evey bit gets wiped because the controller doesn't write the data bit by bit one after the other, it jumps around the flash based on what section of the flash has less wear on it. You would have to fill up every single bit on the memory, but I believe that flash as extra memory to compensate for bad-blocks, so even then you may not get everything.
Thanks for the solution. My old iPhone is most likely going to my brother.
I wonder if any of the V2 software folks have run across a remote kill feature. If apple plans on selling to corp's then I can name a few that won't buy PDA/Phone's without remote kill.
dose it blend?
I have much more full proof method
Take a hammer beat that iphone into small pieces then insert into the industrial incinerator of your choice :)
The above method also works for removing those annoying finger smears that make the iPhone so goddamn useable.
i agree...this is the best cure :)
@fourthletter: Meh, let Frodo handle it, but I wouldn't call it the "One Phone to rule them all" in case some enormous one-eyed monster tries to steal it.
At least it's a solution. Thanks for posting this.
Don't use Bank of America, they suck!
Find a good Credit Union!!!!
I have a much simpler solution to clearing the data.
Learnt the hard way, did not check all my options and synced to iTunes. Off it goes and syncs with an empty Outlook Express contacts list, all contact data gone in an instant!
D'oh!