Secure data wipe built into iPhone Software v2.0
Responding to concerns over the integrity of the iPhone's data reset methods, Apple has taken the extra step and built a more secure data wipe function into the next version of the handset's software, AppleInsider has learned.
People familiar with the beta versions of iPhone Software v2.0 say the upcoming release will employ a more foolproof method of erasing all personal data and settings from an iPhone. As is the case with the existing version of iPhone software, the function will be accessible by selecting Settings > General > Reset > Erase All Contents and Settings.
Unlike today's iPhone software, however, the revised function will wipe data in similar fashion to the "Secure Empty Trash" function of Mac OS X, by which all data is deleted, unlinked, and then overwritten several times to make it irretrievable by even the savviest of recovery tools.
As such, the new function will take considerably longer to complete -- about an hour for a typical 8GB iPhone. A progress bar appears during the process. During the data wipe, users should connect their iPhone to its power adapter as the process is believed to be CPU intensive.
The updated functionality arrives following reports that an Oregon State detective was able to successfully retrieve personal data -- including emails, photos and financial information -- from a refurbished iPhone sold by Apple.
Jonathan Zdziarski, author of the "iPhone Open Application Development,? noted that Apple's existing erase-and-restore function leaves all of a user's personal data "sitting in the unallocated blocks of the iPhone's NAND memory." And there's no viable, publicly available method for erasing the personal data from the Apple handset, he added.
Data reset panel in iPhone Software v1.1.4 on left, v2.0 on right.
The improvements to the iPhone's data wipe will also arrive at a time when masses of original iPhone owners will be attempting clear information from their handsets and resell them to others after upgrading to an iPhone 3G. iPhone software 2.0 will also include among its many enterprise-ready features a function called "remote wipe" that was designed to protect data stored on iPhones by offering a means to remotely wipe them clear in the event that they are lost or stolen.
According to official statements made by Apple during its developers conference earlier this month, as well as this press release, "iPhone 2.0 software will be available on July 11 as a free software update via iTunes 7.7 or later for all iPhone customers." However, a gold master version may be provided to some Apple employees and partners as early as friday.
People familiar with the beta versions of iPhone Software v2.0 say the upcoming release will employ a more foolproof method of erasing all personal data and settings from an iPhone. As is the case with the existing version of iPhone software, the function will be accessible by selecting Settings > General > Reset > Erase All Contents and Settings.
Unlike today's iPhone software, however, the revised function will wipe data in similar fashion to the "Secure Empty Trash" function of Mac OS X, by which all data is deleted, unlinked, and then overwritten several times to make it irretrievable by even the savviest of recovery tools.
As such, the new function will take considerably longer to complete -- about an hour for a typical 8GB iPhone. A progress bar appears during the process. During the data wipe, users should connect their iPhone to its power adapter as the process is believed to be CPU intensive.
The updated functionality arrives following reports that an Oregon State detective was able to successfully retrieve personal data -- including emails, photos and financial information -- from a refurbished iPhone sold by Apple.
Jonathan Zdziarski, author of the "iPhone Open Application Development,? noted that Apple's existing erase-and-restore function leaves all of a user's personal data "sitting in the unallocated blocks of the iPhone's NAND memory." And there's no viable, publicly available method for erasing the personal data from the Apple handset, he added.
Data reset panel in iPhone Software v1.1.4 on left, v2.0 on right.
The improvements to the iPhone's data wipe will also arrive at a time when masses of original iPhone owners will be attempting clear information from their handsets and resell them to others after upgrading to an iPhone 3G. iPhone software 2.0 will also include among its many enterprise-ready features a function called "remote wipe" that was designed to protect data stored on iPhones by offering a means to remotely wipe them clear in the event that they are lost or stolen.
According to official statements made by Apple during its developers conference earlier this month, as well as this press release, "iPhone 2.0 software will be available on July 11 as a free software update via iTunes 7.7 or later for all iPhone customers." However, a gold master version may be provided to some Apple employees and partners as early as friday.
Comments
[edit]
I realize that the iPhone can connect wirelessly to the internet but that is easily stopped also by turning off wireless access. The only identifying feature of the iPhone would be the MAC address at that point. I think it all sounds great in theory but no where near secure enough to prevent someone from taking secrets off an iPhone. The only plausible secure way would be to encrypt all the data on the iPhone and allow access to the data through a password you enter every time you utilize your iPhone. Then if you lost your iPhone and the encryption was strong enough they would be out of luck. You can't crack strong encryption like you can on TV. Then thief's would need to, once again, resort to Social Engineering to obtaining passwords and information.
[/edit]
Thanks,
Andrew
Maybe someone can explain the Remote Wiping in further detail for me. It seems quite easy to bypass. You take someone's iPhone, crack it open and pull out the SIM chip. Now it is no longer on the network and cannot be remote wiped. This can all be done within minutes of losing your phone. It could be that this feature isn't meant to prevent people from stealing company/personal secrets but rather a feel good way of knowing you might be able to wipe your information should you lose your iPhone. Is my assessment correct that the only connection the iPhone has for remote wiping is through the SIM chip?
Thanks,
Andrew
Seems that if more companies insisted on passwords to secure their company phones, less of this would be an issue. People are lazy, inattentive and easily distracted. This is why remote wiping is important.
Maybe someone can explain the Remote Wiping in further detail for me. It seems quite easy to bypass. You take someone's iPhone, crack it open and pull out the SIM chip. Now it is no longer on the network and cannot be remote wiped. This can all be done within minutes of losing your phone. It could be that this feature isn't meant to prevent people from stealing company/personal secrets but rather a feel good way of knowing you might be able to wipe your information should you lose your iPhone. Is my assessment correct that the only connection the iPhone has for remote wiping is through the SIM chip?
[edit]
I realize that the iPhone can connect wirelessly to the internet but that is easily stopped also by turning off wireless access. The only identifying feature of the iPhone would be the MAC address at that point. I think it all sounds great in theory but no where near secure enough to prevent someone from taking secrets off an iPhone. The only plausible secure way would be to encrypt all the data on the iPhone and allow access to the data through a password you enter every time you utilize your iPhone. Then if you lost your iPhone and the encryption was strong enough they would be out of luck. You can't crack strong encryption like you can on TV. Then thief's would need to, once again, resort to Social Engineering to obtaining passwords and information.
[/edit]
Hopefully it can work with the IMEI that is specific to each device. However, there are a great many thieves that aren't smart enough to know this. Every few months I read about a large cellphone heist that is foiled because they turned them on.
My only question... is this as good, or better than what is offered to Blackberry users?
I'm being told by a BB user that they can remotely lock the device, disable the device, or disable and wipe (format) the device. I'm guessing lock is if you left it out at around friends, family member or workmates who won't steal it but may go snooping.
Remote wipe is done via the unique code of the phone I believe (the ISDN or whatever it is called) and so even with a new sim, it would still send the same code, and would wipe.
I think it's the IMEI, I hope someone can give us some insight into how robust it is.
This would make the wiping features of the iPhone *greater* than those of the Blackberry. They both have remote secure wipe (or will have with iPhone 2.0), but the iPhone now has a "local" version of the same thing (as described in the article).
I'm fairly certain that the BlackBerry can't do a "local wipe" in the same way, but the two phones could be seen as "feature identical" if turns out I am wrong on that. So either this is "as good" as Blackberry" or (most likely) "better."
Seems that if more companies insisted on passwords to secure their company phones, less of this would be an issue. People are lazy, inattentive and easily distracted. This is why remote wiping is important.
I think the 4 digit PIN is too weak. It's a touch-screen interface and not a number pad so i would like to have the option for using a PIN length of my choice or a proper password of my desired length.
My only question... is this as good, or better than what is offered to Blackberry users?
You love your Blackberry! Admit it Spam
Umm... didn't Apple announce this feature when they announced the SDK, like... months ago?
They announced remote wipe, not local wipe. That's new.
Umm... didn't Apple announce this feature when they announced the SDK, like... months ago?
Umm...like no.
Also, do you need to overwrite flash memory multiple times the way you do
on a magnetic disk?
I use Secure Empty Trash on my MBA with SSD, but I wonder if it's necessary
as much as it would be on a traditional HDD.
They announced remote wipe, not local wipe. That's new.
Both are new to the iPhone. What I think Stuart is referring to is the SDK event where Apple announced that Exchange support for v2.0 will offer remote wipe. Of course, that relies upon ActiveSync being set up on your handset.
Why so long? 8GB = an hour?
Also, do you need to overwrite flash memory multiple times the way you do
on a magnetic disk?
I use Secure Empty Trash on my MBA with SSD, but I wonder if it's necessary
as much as it would be on a traditional HDD.
I've read plenty of times that writing 1's more than once is pointless as there are no known devices that are sensitive enough to read past one secure wipe. But better to be safe than sorry.
As for the time, that is about how long it takes when you use iTunes to restore a full 8Gb to a clean device. The processor speed and slow write speed of NAND seems to be the issue.
Remote wipe is done via the unique code of the phone I believe (the ISDN or whatever it is called) and so even with a new sim, it would still send the same code, and would wipe.
More info... Note: ZiPhone, which is used to jailbreak and unlock iPhones, has an option to input a user created IMEI. This can not be helped. HW has to be represented in software at some point. Even MAC addresses are only the software representation of the BIA (burned-in address) and can be altered very easily. Your router at home probably has this option available.
When reinstalling OS X, you get the option to US DOD security erase the drive, also in disk utility.
Actually it isn't so much it takes iTunes that long (it doesn't, it takes several minutes) but it would be because of the wiping process, and yes, the slow write speeds and such. It would be "US Department of Defence 5220-22 M standard" which is 7 pass over the drive - this would have to do with the army guy who spoke at the WWDC keynote, and how with the military using them, with their data, they need that standard of wipe
But the question that was raised was whether many passes are really necessary with flash memory.
I hope that remote wipe can be disabled for iPhones bought by individuals for personal use.