Secure data wipe built into iPhone Software v2.0

Posted:
in iPhone edited January 2014
Responding to concerns over the integrity of the iPhone's data reset methods, Apple has taken the extra step and built a more secure data wipe function into the next version of the handset's software, AppleInsider has learned.



People familiar with the beta versions of iPhone Software v2.0 say the upcoming release will employ a more foolproof method of erasing all personal data and settings from an iPhone. As is the case with the existing version of iPhone software, the function will be accessible by selecting Settings > General > Reset > Erase All Contents and Settings.



Unlike today's iPhone software, however, the revised function will wipe data in similar fashion to the "Secure Empty Trash" function of Mac OS X, by which all data is deleted, unlinked, and then overwritten several times to make it irretrievable by even the savviest of recovery tools.



As such, the new function will take considerably longer to complete -- about an hour for a typical 8GB iPhone. A progress bar appears during the process. During the data wipe, users should connect their iPhone to its power adapter as the process is believed to be CPU intensive.



The updated functionality arrives following reports that an Oregon State detective was able to successfully retrieve personal data -- including emails, photos and financial information -- from a refurbished iPhone sold by Apple.



Jonathan Zdziarski, author of the "iPhone Open Application Development,? noted that Apple's existing erase-and-restore function leaves all of a user's personal data "sitting in the unallocated blocks of the iPhone's NAND memory." And there's no viable, publicly available method for erasing the personal data from the Apple handset, he added.



Data reset panel in iPhone Software v1.1.4 on left, v2.0 on right.



The improvements to the iPhone's data wipe will also arrive at a time when masses of original iPhone owners will be attempting clear information from their handsets and resell them to others after upgrading to an iPhone 3G. iPhone software 2.0 will also include among its many enterprise-ready features a function called "remote wipe" that was designed to protect data stored on iPhones by offering a means to remotely wipe them clear in the event that they are lost or stolen.



According to official statements made by Apple during its developers conference earlier this month, as well as this press release, "iPhone 2.0 software will be available on July 11 as a free software update via iTunes 7.7 or later for all iPhone customers." However, a gold master version may be provided to some Apple employees and partners as early as friday.
«1

Comments

  • Reply 1 of 40
    SpamSandwichSpamSandwich Posts: 33,408member
    My only question... is this as good, or better than what is offered to Blackberry users?
  • Reply 2 of 40
    freenyfreeny Posts: 128member
    so if my old iphone locks up after switching to the new phone how will one access this function?...
  • Reply 3 of 40
    nofeernofeer Posts: 2,422member
    they should also have a "find locate" ability, so when one is stolen, apple or att is notified, a wipe is done and connected to wifi OR network, it's located, and a picture is taken something like they have for the mac/ laptops that would put a big negative for stealing this thing. make this ability part of the os, not just be buying software, that way the "black market" would be minimized. i wish ipods had that ability, when an ipod is stolen, it can be located when connected to itunes
  • Reply 4 of 40
    Maybe someone can explain the Remote Wiping in further detail for me. It seems quite easy to bypass. You take someone's iPhone, crack it open and pull out the SIM chip. Now it is no longer on the network and cannot be remote wiped. This can all be done within minutes of losing your phone. It could be that this feature isn't meant to prevent people from stealing company/personal secrets but rather a feel good way of knowing you might be able to wipe your information should you lose your iPhone. Is my assessment correct that the only connection the iPhone has for remote wiping is through the SIM chip?



    [edit]

    I realize that the iPhone can connect wirelessly to the internet but that is easily stopped also by turning off wireless access. The only identifying feature of the iPhone would be the MAC address at that point. I think it all sounds great in theory but no where near secure enough to prevent someone from taking secrets off an iPhone. The only plausible secure way would be to encrypt all the data on the iPhone and allow access to the data through a password you enter every time you utilize your iPhone. Then if you lost your iPhone and the encryption was strong enough they would be out of luck. You can't crack strong encryption like you can on TV. Then thief's would need to, once again, resort to Social Engineering to obtaining passwords and information.

    [/edit]



    Thanks,



    Andrew
  • Reply 5 of 40
    pg4gpg4g Posts: 383member
    Remote wipe is done via the unique code of the phone I believe (the ISDN or whatever it is called) and so even with a new sim, it would still send the same code, and would wipe.
  • Reply 6 of 40
    Is this the same or different than the remote erase that was mentioned for the 2.0 software? I've never used a Blackberry so I don't know how their security works, but I was under the impression that the 2.0 software provided the ability to submit a request over the cell network to erase all data on the phone. Or is that just a feature for enterprise customers because it seems like it could be useful for regular consumers as well if the phone were lost or stolen. This version seems to require access to the phone which seems to defeat most of the purpose. And what happens if the process is halted because the battery dies before completion? Will it continue the process after charging?
  • Reply 7 of 40
    SpamSandwichSpamSandwich Posts: 33,408member
    Quote:
    Originally Posted by darkopz View Post


    Maybe someone can explain the Remote Wiping in further detail for me. It seems quite easy to bypass. You take someone's iPhone, crack it open and pull out the SIM chip. Now it is no longer on the network and cannot be remote wiped. This can all be done within minutes of losing your phone. It could be that this feature isn't meant to prevent people from stealing company/personal secrets but rather a feel good way of knowing you might be able to wipe your information should you lose your iPhone. Is my assessment correct that the only connection the iPhone has for remote wiping is through the SIM chip?



    Thanks,



    Andrew



    Seems that if more companies insisted on passwords to secure their company phones, less of this would be an issue. People are lazy, inattentive and easily distracted. This is why remote wiping is important.
  • Reply 8 of 40
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by darkopz View Post


    Maybe someone can explain the Remote Wiping in further detail for me. It seems quite easy to bypass. You take someone's iPhone, crack it open and pull out the SIM chip. Now it is no longer on the network and cannot be remote wiped. This can all be done within minutes of losing your phone. It could be that this feature isn't meant to prevent people from stealing company/personal secrets but rather a feel good way of knowing you might be able to wipe your information should you lose your iPhone. Is my assessment correct that the only connection the iPhone has for remote wiping is through the SIM chip?



    [edit]

    I realize that the iPhone can connect wirelessly to the internet but that is easily stopped also by turning off wireless access. The only identifying feature of the iPhone would be the MAC address at that point. I think it all sounds great in theory but no where near secure enough to prevent someone from taking secrets off an iPhone. The only plausible secure way would be to encrypt all the data on the iPhone and allow access to the data through a password you enter every time you utilize your iPhone. Then if you lost your iPhone and the encryption was strong enough they would be out of luck. You can't crack strong encryption like you can on TV. Then thief's would need to, once again, resort to Social Engineering to obtaining passwords and information.

    [/edit]



    Hopefully it can work with the IMEI that is specific to each device. However, there are a great many thieves that aren't smart enough to know this. Every few months I read about a large cellphone heist that is foiled because they turned them on.
    Quote:
    Originally Posted by SpamSandwich View Post


    My only question... is this as good, or better than what is offered to Blackberry users?



    I'm being told by a BB user that they can remotely lock the device, disable the device, or disable and wipe (format) the device. I'm guessing lock is if you left it out at around friends, family member or workmates who won't steal it but may go snooping.





    Quote:
    Originally Posted by PG4G View Post


    Remote wipe is done via the unique code of the phone I believe (the ISDN or whatever it is called) and so even with a new sim, it would still send the same code, and would wipe.



    I think it's the IMEI, I hope someone can give us some insight into how robust it is.
  • Reply 9 of 40
    virgil-tb2virgil-tb2 Posts: 1,416member
    @SpamSandwich & @caliminius



    This would make the wiping features of the iPhone *greater* than those of the Blackberry. They both have remote secure wipe (or will have with iPhone 2.0), but the iPhone now has a "local" version of the same thing (as described in the article).



    I'm fairly certain that the BlackBerry can't do a "local wipe" in the same way, but the two phones could be seen as "feature identical" if turns out I am wrong on that. So either this is "as good" as Blackberry" or (most likely) "better."
  • Reply 10 of 40
    Umm... didn't Apple announce this feature when they announced the SDK, like... months ago?
  • Reply 11 of 40
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by SpamSandwich View Post


    Seems that if more companies insisted on passwords to secure their company phones, less of this would be an issue. People are lazy, inattentive and easily distracted. This is why remote wiping is important.



    I think the 4 digit PIN is too weak. It's a touch-screen interface and not a number pad so i would like to have the option for using a PIN length of my choice or a proper password of my desired length.
  • Reply 12 of 40
    irelandireland Posts: 17,743member
    Quote:
    Originally Posted by SpamSandwich View Post


    My only question... is this as good, or better than what is offered to Blackberry users?



    You love your Blackberry! Admit it Spam
  • Reply 13 of 40
    irelandireland Posts: 17,743member
    Quote:
    Originally Posted by Stuart Kirby View Post


    Umm... didn't Apple announce this feature when they announced the SDK, like... months ago?



    They announced remote wipe, not local wipe. That's new.
  • Reply 14 of 40
    wilcowilco Posts: 985member
    Quote:
    Originally Posted by Stuart Kirby View Post


    Umm... didn't Apple announce this feature when they announced the SDK, like... months ago?



    Umm...like no.
  • Reply 15 of 40
    lafelafe Posts: 252member
    Why so long? 8GB = an hour?



    Also, do you need to overwrite flash memory multiple times the way you do

    on a magnetic disk?



    I use Secure Empty Trash on my MBA with SSD, but I wonder if it's necessary

    as much as it would be on a traditional HDD.
  • Reply 16 of 40
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by Ireland View Post


    They announced remote wipe, not local wipe. That's new.



    Both are new to the iPhone. What I think Stuart is referring to is the SDK event where Apple announced that Exchange support for v2.0 will offer remote wipe. Of course, that relies upon ActiveSync being set up on your handset.
  • Reply 17 of 40
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by Lafe View Post


    Why so long? 8GB = an hour?



    Also, do you need to overwrite flash memory multiple times the way you do

    on a magnetic disk?



    I use Secure Empty Trash on my MBA with SSD, but I wonder if it's necessary

    as much as it would be on a traditional HDD.



    I've read plenty of times that writing 1's more than once is pointless as there are no known devices that are sensitive enough to read past one secure wipe. But better to be safe than sorry.



    As for the time, that is about how long it takes when you use iTunes to restore a full 8Gb to a clean device. The processor speed and slow write speed of NAND seems to be the issue.





    Quote:
    Originally Posted by PG4G View Post


    Remote wipe is done via the unique code of the phone I believe (the ISDN or whatever it is called) and so even with a new sim, it would still send the same code, and would wipe.



    More info...
    "The IMEI number is used by the GSM network to identify valid devices and therefore can be used to stop a stolen phone from accessing the network. For example, if a mobile phone is stolen, the owner can call his or her network provider and instruct them to "ban" the phone using its IMEI number. This renders the phone useless, regardless of whether the phone's SIM is changed."



    "When mobile equipment is stolen or lost, the operator or owner will typically contact the Central Equipment Identity Register (CEIR) which blacklists the device in all operator switches so that it will in effect become unusable, making theft of mobile equipment a useless business.

    The IMEI number is not supposed to be easy to change, making the CEIR blacklisting effective. However this is not always the case: IMEI may be easy to change with special tools and some operators may even flatly ignore the CEIR blacklist."
    Note: ZiPhone, which is used to jailbreak and unlock iPhones, has an option to input a user created IMEI. This can not be helped. HW has to be represented in software at some point. Even MAC addresses are only the software representation of the BIA (burned-in address) and can be altered very easily. Your router at home probably has this option available.
  • Reply 18 of 40
    pg4gpg4g Posts: 383member
    Actually it isn't so much it takes iTunes that long (it doesn't, it takes several minutes) but it would be because of the wiping process, and yes, the slow write speeds and such. It would be "US Department of Defence 5220-22 M standard" which is 7 pass over the drive - this would have to do with the army guy who spoke at the WWDC keynote, and how with the military using them, with their data, they need that standard of wipe



    When reinstalling OS X, you get the option to US DOD security erase the drive, also in disk utility.
  • Reply 19 of 40
    jeffdmjeffdm Posts: 12,949member
    Quote:
    Originally Posted by PG4G View Post


    Actually it isn't so much it takes iTunes that long (it doesn't, it takes several minutes) but it would be because of the wiping process, and yes, the slow write speeds and such. It would be "US Department of Defence 5220-22 M standard" which is 7 pass over the drive - this would have to do with the army guy who spoke at the WWDC keynote, and how with the military using them, with their data, they need that standard of wipe



    But the question that was raised was whether many passes are really necessary with flash memory.
  • Reply 20 of 40
    kreshkresh Posts: 379member
    I wonder how many hackers are working on exploits to do unauthorized remote wipes on iPhones, just to screw with Apple and make a name for themselves.



    I hope that remote wipe can be disabled for iPhones bought by individuals for personal use.
Sign In or Register to comment.