“Formatting” An iPhone To Wipe Data
It appears people are recovering data off old iPhones. Whoops- looks like you can pull data out of memory using forensics tools, just like any other platform. While your Mac includes the ability to overwrite old data when formatting your hard drive to prevent recovery (very cool that this is included in a consumer operating system), there is no equivalent mechanism to clear off that “ancient” original iPhone when you trade up to the 3G version next month.
For those of you who aren’t just convincing your spousees to take your “old” iPhone off your hands to justify that new toy, Securosis presents a simple process to minimize the chances of recovery. It’s not perfect, but it’s easy and should offer enough protection for those of you forced to eBay your once-precious-but-now-obsolete device:
- Restore the iPhone from within iTunes.
- On the “Info” tab, un-check all options so you don’t synchronize calendars, email, bookmarks, and contacts.
- On the Photos, Podcasts, and Video tabs, uncheck “Sync …”.
- Create 3 big playlists at large as the storage capacity of your iPhone.
- On the Music tab, select the first of your 3 playlists to sync. Make sure the storage bar at the bottom looks full after syncing.
- Sync your iPhone, change to the next playlist, sync again, and repeat one last time.
This will hopefully overwrite any of the free space on your phone, helping prevent recovery of any of those love letters and bad jokes lingering from old emails. I won’t have a chance to test this anytime soon, and odds are high some fragments will survive depending on how the iPhone allocates at the file system level, but this should be more than sufficient to prevent casual recovery of sensitive stuff if you’d like to hock your “old” phone.
Jonathan Zdziarski May 21
Incomplete. Try again.
rabbit May 21
iPhone has two partitions, applications are stored on the other partition than music. Is data stored on the same partition?
rmogull May 21
Great question, and the reason I said in the article I’m uncertain exactly what data can linger. My guess is that user data is on the same partition as music, or the partitions dynamically resize since there isn’t a different limit for email/photos/etc. over music- just one big storage limit.
Finde May 21
To save you a bit of time, couldn’t you just make 2 playlists and switch?
rmogull May 21
Probably, that should work. I just didn’t think of it.
Finde May 21
Sorry didn’t mean to sound rude, it’d just save you a bit of time, that’s all.
fractured May 21
I believe the data is kept in the \root folder. I think it shares the partition with the \media folder. I don’t believe this is overwritten by Apple data from currently sanctioned apps and media such as music or video. I think you might be able to do it by jailbreaking a cleanly restored iPhone and loading it up with apps. I could be wrong, but I think that stands a better chance than adding music.
maXimus May 21
After restoring your iPhone, jailbreak it and install OpenSSH. Then ssh into the phone and load up the /root folder with meaningless files. Whatever data stored there previously will get overwritten. Do this in conjunction with mogull’s method to be completely thorough.
AE May 22
is it really necessary to overwrite the data 3 times? Considering the fact that the iPhone uses Flash Memory…
rmogull May 22
From what I know, yes. NAND flash swaps blocks in and out of use to limit the number of writes on any single bock. The 3 times should hit enough to make the data hard or impossible to recover.
Again, no promises this works until someone with forensics tools tries it out. Considering how low the risk is to any individual, I’ve been pretty surprised how far this is spreading.
Rabbit May 22
considering the ridiculous amount of links this post gets, can’t someone with a bit of working knowledge confirm if the email data is stored on the music partition or not? the app partition has ~300MB on my 4GB iphone. If email data is stored on that partition, I can erase it by sending myself 300MB worth of emails (3 times :)
although I would just rather use terminal and copy a random file enough times to overwrite everything in that partition.
rmogull May 22
Rabbit,
No argument here. I can do the research next week, but am leaving for a trip today and haven’t had the time to jailbreak and explore the file system.
I have no idea why this post is pulling in so much attention considering how low a risk this is. NOt that I’m complaining about new readers…
Alex Jun 3
After i restore it then the Set up iphone screen comes up and says set up iphone if i set it up arent i at square 1 again?
rabbit Jun 10
all this discussion is wrong…
so there are two partitions. use df to get
root# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/disk0s1 307200 172700 131428 57% /
devfs 18 18 0 100% /dev
/dev/disk0s2 3657400 708020 2949380 20% /private/var
so apps are on \ , data is on \private\var
mail and sms and notes sit on \private\var, see http://forums.iphonehacks.com/showthread.php?p=261
after erasing my email accounts, the mail files were still there.. so overwriting the empty spaces won’t help - you first have to manually remove the emails. same with sms, notes, everything else.
/private/var/mobile/Library/Mail/Envelope Index