[ISN] How to wipe data off an iPhone

From: InfoSec News (alerts@private)
Date: Fri May 23 2008 - 00:12:56 PDT

Previous message: InfoSec News: "[ISN] Feds encrypt 800,000 laptops; 1.2 million to go"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://blogs.zdnet.com/security/?p=1165

By Ryan Naraine
Zero Day
May 22nd, 2008

In reponse to reports that personally identifiable private information 
can be easily swiped from used iPhones sold on eBay, the tireless Rich 
Mogull has cooked up a nifty way to wipe data from iPhones.

Mogull admits his process is "not perfect" but it does look to be an 
easy way to overload the iPhone with music files to force an overwrite 
of the device's storage.  The Securosis.com consultant recommends the 
steps are followed multiple times, with multiple music playlists to make 
sure the device is wiped properly.

Here are Mogull's six-step recommendations:
   
1. Restore the iPhone from within iTunes.
   
2. On the "Info" tab, un-check all options so you don't synchronize 
   calendars, email, bookmarks, and contacts.
   
3. On the Photos, Podcasts, and Video tabs, uncheck "Sync".
   
4. Create 3 big playlists at large as the storage capacity of your 
   iPhone.
   
5. On the Music tab, select the first of your 3 playlists to sync. Make 
   sure the storage bar at the bottom looks full after syncing.
   
6. Sync your iPhone, change to the next playlist, sync again, and repeat 
   one last time.

In the comments, someone also suggests:

    After restoring your iPhone, jailbreak it and install OpenSSH. Then 
    ssh into the phone and load up the /root folder with meaningless 
    files. Whatever data stored there previously will get overwritten. 
    Do this in conjunction with Mogull's method to be completely 
    thorough.

If you're preparing that iPhone for sale on Craigslist or eBay ahead of 
the coming 3G version, the recommendations above can only help.

-=-

Ryan Naraine is a journalist and social media enthusiast specializing in 
Internet and computer security issues. He is currently security 
evangelist at Kaspersky Lab, an anti-malware company with operations 
around the world.

See his full profile and disclosure of his industry affiliations. Send 
tips, ideas and feedback to naraine SHIFT 2 gmail.com


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

Previous message: InfoSec News: "[ISN] Feds encrypt 800,000 laptops; 1.2 million to go"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri May 23 2008 - 00:23:13 PDT