Formatting An iPhone To Wipe Data

It appears people are recovering data off old iPhones. Whoops, looks like you can pull data out of memory using forensics tools, just like any other platform. While your Mac includes the ability to overwrite old data when formatting your hard drive to prevent recovery (very cool that this is included in a consumer operating system), there is no equivalent mechanism to clear off that "ancient" original iPhone when you trade up to the 3G version next month.

For those of you who aren't just convincing your spouses to take your "old" iPhone off your hands to justify that new toy, Securosis presents a simple process to minimize the chances of recovery. It's not perfect, but it's easy and should offer enough protection for those of you forced to eBay your once-precious-but-now-obsolete device:

  1. Restore the iPhone from within iTunes.
  2. On the "Info" tab, un-check all options so you don't synchronize calendars, email, bookmarks, and contacts.
  3. On the Photos, Podcasts, and Video tabs, uncheck "Sync ...".
  4. Create 3 big playlists as large as the storage capacity of your iPhone.
  5. On the Music tab, select the first of your 3 playlists to sync. Make sure the storage bar at the bottom looks full after syncing.
  6. Sync your iPhone, change to the next playlist, sync again, and repeat one last time.

This will hopefully overwrite any of the free space on your phone, helping prevent recovery of any of those love letters and bad jokes lingering from old emails. I won't have a chance to test this anytime soon, and odds are high some fragments will survive depending on how the iPhone allocates at the file system level, but this should be more than sufficient to prevent casual recovery of sensitive stuff if you'd like to hock your "old" phone.

—Rich

Comments:

By fractured  on  05/21  at  06:07 AM

I believe the data is kept in the \root folder. I think it shares the partition with the \media folder. I don’t believe this is overwritten by Apple data from currently sanctioned apps and media such as music or video. I think you might be able to do it by jailbreaking a cleanly restored iPhone and loading it up with apps. I could be wrong, but I think that stands a better chance than adding music.

By maXimus  on  05/21  at  06:54 AM

After restoring your iPhone, jailbreak it and install OpenSSH.  Then ssh into the phone and load up the /root folder with meaningless files.  Whatever data stored there previously will get overwritten.  Do this in conjunction with mogull’s method to be completely thorough.

By Zero Day mobile edition  on  05/21  at  04:17 PM

[...] Here are Mogull’s six-step recommendations: [...]

By How to Better Erase an iPhone When Selling/Repairi  on  05/21  at  05:36 PM

[...] data. Basically, just run a restore and hope the next guy who has your phone isn’t nosy. [Securosis via [...]

By Securely Formatting / Erasing an iPhone | The &quo  on  05/21  at  06:09 PM

[...] to do that by syncing huge entire-phone-storage sized playlists over any freespace on your phone, click to read. [...]

By AE  on  05/21  at  07:07 PM

is it really necessary to overwrite the data 3 times? Considering the fact that the iPhone uses Flash Memory…

By rmogull  on  05/21  at  07:44 PM

From what I know, yes. NAND flash swaps blocks in and out of use to limit the number of writes on any single block. The 3 times should hit enough to make the data hard or impossible to recover.

Again, no promises this works until someone with forensics tools tries it out. Considering how low the risk is to any individual, I’ve been pretty surprised how far this is spreading.

By Rabbit  on  05/21  at  09:00 PM

considering the ridiculous amount of links this post gets, can’t someone with a bit of working knowledge confirm if the email data is stored on the music partition or not? the app partition has ~300MB on my 4GB iphone. If email data is stored on that partition, I can erase it by sending myself 300MB worth of emails (3 times :)
although I would just rather use terminal and copy a random file enough times to overwrite everything in that partition.

By rmogull  on  05/21  at  09:35 PM

Rabbit,

No argument here. I can do the research next week, but am leaving for a trip today and haven’t had the time to jailbreak and explore the file system.

I have no idea why this post is pulling in so much attention considering how low a risk this is. Not that I’m complaining about new readers…

By Formatear por completo iPhone | Apple iPhone  on  05/22  at  02:10 AM

[...] can recover information from an iPhone even after it has been restored. Via iPhoneFan I read that Securosis explains a trick to completely format the iPhone and not share your data with the next [...]

By CrunchGear » Archive » Selling your ol  on  05/22  at  03:55 AM

[...] Since people use their iPhone for all kinds of computing, the information stored could (the key word is could) be used to steal your identity. So there are a few people out there trying to figure out the proper way to overwrite your data. [...]

By Apple iPhone SDK - How to properly erase an iPhone  on  05/25  at  05:26 AM

[...] to the rescue! Securosis offers up a method for ensuring that all personal information gets overwritten. It involves the clever use of [...]

By iPhones remanufacturados llevan muchísima informa  on  05/25  at  12:43 PM

[...] The method is described (in English) at this link on the Securosis blog. [...]

By Alex  on  06/03  at  06:37 AM

After I restore it, the "Set up iPhone" screen comes up and says set up iPhone. If I set it up, aren't I at square 1 again?

By rabbit  on  06/09  at  06:46 PM

all this discussion is wrong…

so there are two partitions. use df to get
root# df
Filesystem       1K-blocks     Used Available Use% Mounted on
/dev/disk0s1         307200   172700   131428 57% /
devfs               18     18       0 100% /dev
/dev/disk0s2       3657400   708020   2949380 20% /private/var

so apps are on \ , data is on \private\var
mail and sms and notes sit on \private\var, see http://forums.iphonehacks.com/showthread.php?p=261

after erasing my email accounts, the mail files were still there.. so overwriting the empty spaces won’t help - you first have to manually remove the emails. same with sms, notes, everything else.
/private/var/mobile/Library/Mail/Envelope Index
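
The terminal approach raised in the comments above, sketched as an added example (not part of any commenter's post and not Securosis code): a POSIX shell function that fills a filesystem's free space with random data for several passes, then removes the filler. The function name, its arguments and the `.wipe.*` scratch directory are assumptions, and on wear-leveled NAND flash the result remains best-effort.

```shell
#!/bin/sh
# Added example: best-effort free-space overwrite for one mounted filesystem.
# Usage: fill_free_space DIR [PASSES] [MAX_CHUNKS]
#   DIR         directory on the filesystem to fill (assumed: the data partition)
#   PASSES      fill/delete cycles, default 3 as in the post
#   MAX_CHUNKS  cap on 1 MiB chunks per pass; 0 means "until the disk is full"
# Prints the number of chunks written across all passes.
#
# Only free space is touched. Files that still exist (for example a mail store
# left behind after the account was removed) must be deleted first.
fill_free_space() {
    dir=$1
    passes=${2:-3}
    max_chunks=${3:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    work="$dir/.wipe.$$"            # hypothetical scratch directory name
    mkdir "$work" || return 2

    total=0
    pass=1
    while [ "$pass" -le "$passes" ]; do
        n=0
        while [ "$max_chunks" -eq 0 ] || [ "$n" -lt "$max_chunks" ]; do
            # dd exits non-zero when the filesystem is full; that ends the pass.
            dd if=/dev/urandom of="$work/p$pass.$n" bs=1048576 count=1 \
                2>/dev/null || break
            n=$((n + 1))
        done
        sync                         # push the filler out of the page cache
        total=$((total + n))
        rm -f "$work"/*              # release the space before the next pass
        pass=$((pass + 1))
    done

    rmdir "$work"
    echo "$total"
}

# Example call (constructed path): fill_free_space /private/var 3
```
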

By MySecured.com · Wipe the iPhone - Methods R  on  06/15  at  04:01 PM

[...] Rich Mogull’s (securosis.com) method: http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/ Which is an easy to do 2 restores and 3 overwrites of the iPhone device’s user data area. Look [...]

By Refurbished iPhones are an excellent source of pre  on  07/30  at  03:44 AM

[...] http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/  May 16, 2008: Refurbished iPhone Reveals Customer Data A few days ago, I posted a discovery in that personal data remains intact (in deleted portions of the file system) following a full iPhone restore. As it turns out, Apple may not have been aware of this privacy leak either. Thank goodness, or identity theft might actually be, like, hard. A detective from the Oregon State Police, whom I’ve verified, notified me this afternoon that an out-of-the-box refurbished iPhone he purchased contained recoverable personal data including email, personal photos, and even financial information which he was able to recover using my forensic toolkit. The photos he sent me included the individual’s name, which I’ve blurred out myself, but if you’ve ever had to return a defective iPhone, you might recognize this inbox. The more sensitive information hasn’t been posted here for obvious reasons. [...]

By Zoran  on  10/25  at  01:20 PM

Thanks a lot for this tutorial.

By jai  on  05/28  at  01:28 AM

I am formatting my Apple with Apple settings: (1) I reset my iPhone from the reset setting, (2) and then it is holding on the Apple arrow and could not start. Tell me what I can do.

By aaaaa  on  01/01  at  03:08 PM

I’m not trying to be rude, but this is a terrible and unsound way of wiping an iphone.  It’s clear that you do not understand much about computer forensics.
