Slashdot Mirror


Wiping a Smartphone Still Leaves Data Behind

KindMind writes "To probably no one's surprise, wiping a smartphone by standard methods doesn't get all the data erased. From an article at Wired: 'Problem is, even if you do everything right, there can still be lots of personal data left behind. Simply restoring a phone to its factory settings won't completely clear it of data. Even if you use the built-in tools to wipe it, when you go to sell your phone on Craigslist you may be selling all sorts of things along with it that are far more valuable — your name, birth date, Social Security number and home address, for example. ... [On a wiped iPhone 3G, mobile forensics specialist Lee Reiber] found a large amount of deleted personal data that he recovered because it had not been overwritten. He was able to find hundreds of phone numbers from a contacts database. Worse, he found a list of nearly every Wi-Fi and cellular access point the phone had ever come across — 68,390 Wi-Fi points and 61,202 cell sites. (This was the same location data tracking that landed Apple in a privacy flap a few years ago, and caused it to change its collection methods.) Even if the phone had never connected to any of the Wi-Fi access points, iOS was still logging them, and Reiber was able to grab them and piece together a trail of where the phone had been turned on.'"

155 comments

  1. Sledgehammer by Anonymous Coward · · Score: 1

    That's why I used a sledgehammer and a group of beefy muscular friends to wipe mine out. 7 in fact.

    1. Re:Sledgehammer by Anonymous Coward · · Score: 1

      Sounds like a gangbang to me.

    2. Re:Sledgehammer by Lumpy · · Score: 1

      How girly... I use a 50BMG round and a binary explosive behind it.

      --
      Do not look at laser with remaining good eye.
    3. Re:Sledgehammer by davester666 · · Score: 1

      well, he can claim to have the cleanest ass in town.

      --
      Sleep your way to a whiter smile...date a dentist!
    4. Re:Sledgehammer by Anonymous Coward · · Score: 0

      How unbelievably weak do all of you have to be in order to actually require that?

      I use a few swift whacks with a simple ball-peen hammer. If you need more than that, maybe you girls should consider going to a gym. Or growing arms. Or something.

  2. doesn't sound like built in wipe was used by Anonymous Coward · · Score: 3, Interesting

    Did the previous owner use the "erase all content and settings" feature of that phone? Or just restore it. That would have been using the built in tool and would have overwritten the data. http://support.apple.com/kb/ht2110

    1. Re:doesn't sound like built in wipe was used by Velska1 · · Score: 1

      The idea in TFA was that the built-in wipe, IOW "erase all content settings" was used, and much was still there.

      Sometimes, one could perhaps RTFA before inserting foot.

      --
      Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
    2. Re:doesn't sound like built in wipe was used by BasilBrush · · Score: 4, Funny

      Quick, someone tell 2008 that they have a problem with phone security.

    3. Re:doesn't sound like built in wipe was used by icebike · · Score: 5, Informative

      When you do read TFA you find out this:

      Take the two Motorola devices(android). Both were wiped, and neither had much to speak of stored in their built-in memory, just some application data with no personally identifiable fingerprints.

      But one user left his micro SD card in the phone. Although the contents of the card were deleted, the card had not been formatted. This, apparently, meant the files were recoverable. And because Android cached application data to this SD card, Reiber could recover e-mail data as well — enough that we could positively identify the phone’s owner via his e-mail address. But the real treasure trove was the photos and documents. The photos still had metadata, including the dates, times and locations in which the photos were shot. And while the documents were benign, if the phone’s owner had stored sensitive information on his phone — think a tax return with a Social Security number, or a .pdf bank statement — we would have had that, too.

      So other than USER Stupidity of leaving his SD card in the device he recycled, this once again is an Apple story pinned to a model long out of production dating to a problem long since fixed by Apple.

      Not that it changes much, if the police who buy these forensic tools happen to get your phone they pretty much have everything they need to know everything about you. How does "AccessData" get around violations of the DMCA by building tools to circumvent encryption?

      --
      Sig Battery depleted. Reverting to safe mode.
    4. Re:doesn't sound like built in wipe was used by hairyfeet · · Score: 1, Insightful

      You can forget it friend, any time you get an article involving the "big three", Apple, Google, or MSFT, the apologists brigade will be out in force. It doesn't matter what TFA says, it can show with hard data that Apple is lax on security, Google is going apeshit with datamining or windows 8 makes Vista look like a hit, doesn't matter, because for some damned reason these people treat the corps like ballclubs and will rush to their defense. I used to think it was some form of buyer's remorse, you know they paid too much money for their latest toy and are now rushing to defend it so they don't feel foolish? But I've seen the same behavior when the product is free so now I have NO idea why somebody who doesn't have stock would treat some megacorp like a ballclub.

      As for TFA this is something I figured would be a problem once we switched to flash memory, with every die shrink the amount of cycles the flash memory can take before dying gets worse and these companies don't want to be getting a ton of "I wiped my phone and now half the storage is gone!" complaints and returns and of course even if you DID do a full wipe with the way wear leveling works by remapping and lying to the OS I don't know how trustworthy a wipe would really be except to keep Joe Clueless who buys the thing on eBay from getting the data.

      So has anybody really done any extensive testing on how easy or hard it is to get a secure wipe with flash memory? I know that supposedly when a cell fails its stuck in a "read only" state and the drive just remaps to some of the spare cells so how hard would it be to get the data off those "dead" cells anyway? At the shop I have been avoiding SSDs simply because of how many failures my gamer customers have seen from the tech (kinda reminds me of the first years of HDDs and how often they went tits up back then) but it would be nice to know how well a wipe on flash memory would actually work.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:doesn't sound like built in wipe was used by Anonymous Coward · · Score: 0

      There's a reason the article mentions an iPhone 3G...it's no doubt running an ancient version of iOS. Recent versions of iOS encrypt all data and the wipe feature simply removes the decryption key. Prior to that, wiping an iPhone was an error-prone process.

      Basically, it sounds like he found a known issue a few years after it has ceased to be a problem.

    6. Re:doesn't sound like built in wipe was used by viperidaenz · · Score: 1

      No encryption is being circumvented. Data was simply read directly from a device. To violate the DMCA you firstly have to be in the USA, secondly it has to actually be encrypted in the first place, and that encryption must be reasonable too. Reading deleted files doesn't count. You don't get in trouble for running a deleted files recovery tool.

      Also, the quote you pasted has nothing to do with Apple either, the stupid user problem leaving their SD card in it was for Android. Apple failed by not overwriting the data in the flash chips in the phone when you "wipe" it.

    7. Re:doesn't sound like built in wipe was used by davydagger · · Score: 1

      here is the best part about SD cards.

      Many new Android phones automatically use the SD card for everything, apps, phone data, etc... which is by far the best move there is, and why built in phone storage is worthless.

      store everything on the microSD card, and when you End of Life, either physically destroy, or gutmann wipe it, or both, from a smart card reader, attached to your PC.
      Phone is clear.

    8. Re:doesn't sound like built in wipe was used by davydagger · · Score: 1

      fortunately, SSDs have a "security wipe" mode, which will clear all cells. in Linux there is an implementation with hdparm.

      unfortunately it doesn't work reliably across all models, vendors, and there is no real good guide on which models really work.

      Oh, and you could get a kernel panic if using a kernel older than 3.0 or 3.2, or your drive doesn't work right.

      # hdparm --user-master u --security-set-pass PASSWORD /dev/sdX
      # hdparm --user-master u --security-erase PASSWORD /dev/sdX
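
The drive states that decide whether the hdparm security erase mentioned above will run at all, as an added example that is not part of the original comment: it reads the `Security:` section of `hdparm -I` output and prints the erase commands only when the drive reports the feature as supported, not frozen and not locked. The sample output, the device name `/dev/sdX` and the throwaway password are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check before an ATA Security Erase with hdparm.
# Nothing here touches a disk; erase_plan only prints the commands.

TMP_PASS=${TMP_PASS:-placeholder-pass}   # assumption: throwaway password

# Constructed sample of `hdparm -I /dev/sdX` output (Security section).
# $1 is "not" for an unfrozen drive, "" for a frozen one.
sample_hdparm() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\tnot\tenabled\n'
    printf '\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# Read `hdparm -I` text on stdin and print one state word:
# unsupported | frozen | locked | password-set | ready
erase_readiness() {
    awk '
        /^Security:/        { insec = 1; next }
        insec && /^[^ \t]/  { insec = 0 }   # next unindented header ends the section
        !insec              { next }
        {
            line = $0
            gsub(/^[ \t]+/, "", line)
            gsub(/[ \t]+$/, "", line)
            neg = 0
            if (line ~ /^not[ \t]+/) { neg = 1; sub(/^not[ \t]+/, "", line) }
            if      (line == "supported") supported = !neg
            else if (line == "enabled")   enabled   = !neg
            else if (line == "locked")    locked    = !neg
            else if (line == "frozen")    frozen    = !neg
        }
        END {
            if (!supported)   print "unsupported"
            else if (frozen)  print "frozen"
            else if (locked)  print "locked"
            else if (enabled) print "password-set"
            else              print "ready"
        }'
}

# $1 = device; `hdparm -I` text on stdin. Prints the two-step erase
# (set a password, then erase with it) or the reason it would fail.
erase_plan() {
    state=$(erase_readiness)
    case $state in
        ready)
            echo "hdparm --user-master u --security-set-pass $TMP_PASS $1"
            echo "hdparm --user-master u --security-erase $TMP_PASS $1"
            ;;
        frozen)
            echo "# $1: security is frozen; power-cycle the drive (suspend/resume often works) and re-check"
            return 1 ;;
        locked|password-set)
            echo "# $1: a security password is already set ($state); resolve that first"
            return 1 ;;
        *)
            echo "# $1: drive does not report ATA security support; use another method"
            return 1 ;;
    esac
}

# Demo on the constructed samples: one ready drive, one frozen drive.
sample_hdparm not | erase_plan /dev/sdX
sample_hdparm ''  | erase_plan /dev/sdX || true
```
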

    9. Re:doesn't sound like built in wipe was used by icebike · · Score: 2

      But you miss the point here, and as a result you got it exactly backwards.

      The phones all handle wipe of internal storage just fine, but virtually none of the phones wipe microSD cards. MicroSD is a security nightmare.

      --
      Sig Battery depleted. Reverting to safe mode.
    10. Re:doesn't sound like built in wipe was used by hairyfeet · · Score: 2

      So in other words...no. There are SOME models, which ones fuck if you or me or anybody knows because you'd have to take the chips out and actually test to see if they were REALLY secure wiping or feeding your BS like in TFA, but it's NOT any specific vendor or model or anything that is predictable...great.

      Ya know I used to get pissed at the guys that would waste perfectly good working HDDs by taking a .357 to the thing when we have easy peasy ways to wipe those but with SSDs? they may actually have a point. it probably saves the vendors an assload of money as well since nobody will be sending back failed drives to get it replaced under warranty. i know my gamer customers just throw away the drives after smashing them even if they are under warranty because there is no way to wipe them and they don't want to risk their data being stolen by some third world refurb center. At least with a HDD as long as it wasn't completely tits up I could usually zero out a drive before sending it in, with these I think I'd opt for the .357 approach too.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    11. Re:doesn't sound like built in wipe was used by davydagger · · Score: 1

      "Ya know I used to get pissed at the guys that would waste perfectly good working HDDs by taking a .357 to the thing when we have easy peasy ways to wipe those but with SSDs? they may actually have a point"

      There are companies that do secure physical destruction of drives or physical components. as far as shooting HDDs go, it's fun, but it still doesn't assure all data is irrecoverable. the .357 method is far more entertaining though.

    12. Re:doesn't sound like built in wipe was used by Hunter+Shoptaw · · Score: 1

      I store all my tax returns on my SD card in my phone. /s

    13. Re:doesn't sound like built in wipe was used by pnutjam · · Score: 1

      Something I can easily take out and destroy at virtually a moments notice is a security nightmare?
      My phone also supports SD card encryption but I haven't bothered. I bet that would have thrown a monkey wrench into his recovery process.

    14. Re:doesn't sound like built in wipe was used by pnutjam · · Score: 1

      There is an app for that...

      No seriously, they were reviewing apps for doing your taxes on the news this morning, take a picture of your w2 and it imports everything. Probably does the OCS on an unsecure channel back to turbotax.

    15. Re:doesn't sound like built in wipe was used by pnutjam · · Score: 1

      Why treat ballclubs like ballclubs? It's human nature? What difference does it make if a school you haven't attended in a decade wins something? Better yet, who cares if a professional sporting team staffed entirely by out of towners and only temporarily located in your city (owners move at their discretion) wins a game? Why do we shovel money into their pockets for athletic fields and such?

      I'm seriously asking, because I can't figure it out...

    16. Re:doesn't sound like built in wipe was used by pnutjam · · Score: 1

      Encryption from the start is the way to go. It's not like you can recover data from them if they are failing anyway.

    17. Re:doesn't sound like built in wipe was used by Hunter+Shoptaw · · Score: 1

      I know, I was over dramatizing the stupidity of anyone who wouldn't take into account personal data on their phone, which is very often left in public.

    18. Re:doesn't sound like built in wipe was used by hairyfeet · · Score: 1

      Ya know, I have heard these recovery company bullshit about recovering a shot drive but until i see it with my own two peepers i seriously doubt a hard drive that has had 3 or 4 .357 rounds put through it so the insides sound like a macaroni shaker is gonna get any real data taken out of it.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    19. Re:doesn't sound like built in wipe was used by icebike · · Score: 1

      Let's see you take that out and destroy it (via remote wipe) after you lost your phone, or when the arresting officer confiscates your phone.

      In fact in virtually ANY situation (other than recycling the device) that you would want to wipe your phone you can't wipe the SD card.

      So yes, add-in microSD cards are a security mess, which is why Google no longer recommends them, and Apple never did.

      --
      Sig Battery depleted. Reverting to safe mode.
    20. Re:doesn't sound like built in wipe was used by hairyfeet · · Score: 1

      You'd be surprised, which is why I really miss Spinrite. I don't know how many times I was able to save data off a seriously failing drive using that tool but he hasn't updated it in years and it won't support drives over 500GB which makes it useless today, but with a few hours and Spinrite I was often able to get a drive to go just long enough to save the important stuff from somebody's dying drive.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    21. Re:doesn't sound like built in wipe was used by davydagger · · Score: 1

      microSD cards are not a problem.

      you can take them out and crush them, if not zero fill/gutmann wipe/etc... on the computer.

    22. Re:doesn't sound like built in wipe was used by davydagger · · Score: 1

      "Let's see you take that out and destroy it (via remote wipe) after you lost your phone, or when the arresting officer confiscates your phone."
      how is this any different than the device itself?

      "which is why Google no longer recommends them, and Apple never did."

      Two companies that take your privacy really seriously....

    23. Re:doesn't sound like built in wipe was used by pnutjam · · Score: 1

      If I've encrypted the card I don't have to worry about it in any of those scenarios.

  3. Mobile Forensics Specialist by Anonymous Coward · · Score: 0

    Now there is a burgeoning career field. Does this still work after clearing the cache on an Android?

    1. Re:Mobile Forensics Specialist by Anonymous Coward · · Score: 0

      You may be scarred for life after.

  4. Social Security Number? by Anonymous Coward · · Score: 1, Insightful

    Why would my phone know my social security number? Has anyone ever had to input this?

  5. 68,000 wifi points?? by Anonymous Coward · · Score: 0

    take the point of the article, as it were, but you'd have to move pretty fast for 68,000 wifi points that you had connected to. pretty fast.

    1. Re:68,000 wifi points?? by detritus. · · Score: 1

      Or drive a few miles around Manhattan.

    2. Re:68,000 wifi points?? by jxander · · Score: 3, Informative

      Some napkin math, assuming he purchased the phone in July 2008 when 3G went on sale, and it's been in use constantly for the last 57 months ... and ball-parking 30 days/month ... he hit 40 Wi-Fi points and 36 cell towers every day.

      Even with the assumption that these are not unique access points (i.e. his home WiFi is counted 3 or 4 times a day, depending on how often he comes and goes) ... that's still an insane number. If we change the time-frame to 2 years, roughly the average lifespan between upgrades, he's up to 95 WiFi points per day.

      Quite the busy bee.

      --
      This signature is false.
    3. Re:68,000 wifi points?? by EvanED · · Score: 4, Insightful

      Even with the assumption that these are not unique access points ... that's still an insane number. If we change the time-frame to 2 years, roughly the average lifespan between upgrades, he's up to 95 WiFi points per day.

      If the wifi points are non-unique, 100 wifi points per day would be downright easy to achieve. I probably pass far more than that on the way to and from work each day on the bus.

      Remember, it's not "how many networks have you connected to" but "how many have come in range of your antenna."

      Unique points would be a lot harder to hit, but as someone else points out, you could probably rack up access points very quickly in a metropolitan area.

    4. Re:68,000 wifi points?? by compro01 · · Score: 1

      Some napkin math, assuming he purchased the phone in July 2008 when 3G went on sale, and it's been in use constantly for the last 57 months ... and ball-parking 30 days/month ... he hit 40 Wi-Fi points and 36 cell towers every day.

      Not that difficult. Just sitting at my desk, my Galaxy S3 picks up 36 Wi-Fi networks. I probably walk past that many again on my way to work. And a few dozen more any time I walk into an apartment building.

      I consider it rather mystical how any Wi-Fi network is able to function at all with this amount of crowding in the channels.

      --
      upon the advice of my lawyer, i have no sig at this time
    5. Re:68,000 wifi points?? by xaxa · · Score: 1

      I see 11 access points sitting at home, in a chunky brick building. If I take the metro into central London I go past 10 access points just underground (in the stations, and that's only the public ones).

      Heading straight home gives another 10 + 11, so that's already over your average.

      (My own router's signal doesn't reach from one end of the flat to the other, due to the chunky walls, and most of the 11 signals I see are very weak, so I probably hit 5-10 see-you see-you-nots just going to the kitchen and back.)

      I actually cycle to work. I wonder if my phone has enough time to detect all the residential connections I go past? I doubt it, but there should be enough slow bits (corners, junctions) to plot my route exactly.

    6. Re:68,000 wifi points?? by sjames · · Score: 1

      Or he rides the train. In addition to the fleeting contacts from outside, there's people tethering on the train.

      It's still quite a lot, but I suppose it's vaguely possible.

    7. Re:68,000 wifi points?? by adolf · · Score: 1

      Since I got an OG Droid in November of 2009, I've purposefully observed 132,205 non-unique access points just in the course of normal short traveling for work and pleasure, exclusively by car.

      I am unsurprised by any of these figures.

    8. Re:68,000 wifi points?? by sjames · · Score: 1

      Ah, NON-unique. Yes, it's not at all surprising then.

    9. Re:68,000 wifi points?? by adolf · · Score: 1

      And 93,077 unique access points, over the same period.

    10. Re:68,000 wifi points?? by jxander · · Score: 1

      Either you work in a very very crowded area, or San Diego is seriously slacking in the Wireless department.

      There are exactly zero visible wireless signal available from my office. My company's SSID is not broadcast, and it's a fairly large campus, so no others can make the trip in. From my home, I can see a few, maybe 3 or 4 on a good day (including my own.) Perhaps people in my neighborhood just keep their SSIDs hidden.

      Some more napkin math time! Assuming you're on flat ground (because it's been a LONG while since I took advanced geometry ... trying to figure this out in 3 dimensions would make my brain hurt at this hour) And giving each WAP an average range of 100 feet to your phone ... the access points would have to be arranged in a perfect grid at roughly 30 foot intervals (starting with the one you're sitting on top of) in order for you to see 36 from the central point.

      (100 ft radius = 31,400 sqft circle) / 36 chunks = 875 sqfeet per chunk ... sqrt ... 29 and change.

      Certainly not impossible, though if you think that you need a separate access point from someone less than 30m away, I think that you need to work on your interpersonal skills ;) (for reference, 30 feet is 8 - 12 paces, depending on the size of your stride.)

      --
      This signature is false.
    11. Re:68,000 wifi points?? by EvanED · · Score: 1

      Either you work in a very very crowded area, or San Diego is seriously slacking in the Wireless department. There are exactly zero visible wireless signal available from my office. My company's SSID is not broadcast, and it's a fairly large campus, so no others can make the trip in. From my home, I can see a few, maybe 3 or 4 on a good day (including my own.) Perhaps people in my neighborhood just keep their SSIDs hidden.

      Depending on where exactly I am in my apartment (I can move a few feet and the number changes), from three sample points I see between 20 and 28 different networks at home. There were 15 or 20 visible from my office earlier today. Going down a street where there are a lot of apartments, I wouldn't be surprised if I see 40.

      Things like your 2D assumption really get destroyed by apartment buildings, not to mention your statement that "if you think that you need a separate access point from someone less than 30m away, I think that you need to work on your interpersonal skills" :-).

      If anyone knows a way -- either on Linux or Windows 7 -- to record a list of SSIDs which are visible over time, I'll run it on my bus ride and see how many unique networks are visible during the entire route.

    12. Re:68,000 wifi points?? by EvanED · · Score: 1

      Going down a street where there are a lot of apartments, I wouldn't be surprised if I see 40.

      By the way, that's 40 at once, along most of the street. I'd be surprised if I don't see 100 different networks at one point or another from one end of the street to another.

    13. Re:68,000 wifi points?? by compro01 · · Score: 1

      Either you work in a very very crowded area, or San Diego is seriously slacking in the Wireless department

      And giving each WAP an average range of 100 feet to your phone

      Downtown core in a city of 200k.

      My number is probably inflated a bit given that my desk is ~80m off the ground and next to a window. According to opensignal's DB, some of the networks I'm detecting are 1000+ feet away.

      --
      upon the advice of my lawyer, i have no sig at this time
    14. Re:68,000 wifi points?? by compro01 · · Score: 1

      If anyone knows a way -- either on Linux or Windows 7 -- to record a list of SSIDs which are visible over time, I'll run it on my bus ride and see how many unique networks are visible during the entire route.

      InSSIDer might be what you're looking for. Also available for Android and Mac.

      --
      upon the advice of my lawyer, i have no sig at this time
    15. Re:68,000 wifi points?? by jxander · · Score: 1

      If you want to ballpark the average dispersion in 3d space, be my guest. I might later today, depending on how work goes.

      If anyone knows a way -- either on Linux or Windows 7 -- to record a list of SSIDs which are visible over time, I'll run it on my bus ride and see how many unique networks are visible during the entire route.

      I'd actually be interested in this as well. Hopefully there's a tool that doesn't require a "Smartphone forensics" degree. I only see a few networks whenever I look ... but that doesn't mean I'm not passing through the range of many more. I intentionally set my phone to *NOT* pop up and ask me about every stinkin' wireless network it sees. Joins the ones I know, ignores the rest, and I add new ones manually ... so maybe I'm missing the real quantity.

      I'd also be interested in some real world tests of viable WiFi range. Sure the manufacturer puts their specs on, or their best guess ... but I'd wager that you get significantly reduced signal through 5 floors of apartment building (with microwaves, cordless phones, and everything else in the way) as opposed to 50 feet of open field. Go Go Science. Looks like I have something to do this weekend.

      P.S. I was being fairly honest with the interpersonal skills comment, only slightly snarky. I provide an SSID at home that a few of my neighbors use. We're all friends, and I trust them not to do anything immensely scandalous... or if they do, well, it provides plausible dependability for anything that I might be doing on the "same IP." Seems like a similar arrangement could be made all the easier in an apartment setting. Split the bill among 3 rooms, the middle room actually gets the service and shares with those on either side of him.

      --
      This signature is false.
    16. Re:68,000 wifi points?? by EvanED · · Score: 1

      I'd actually be interested in this as well. Hopefully there's a tool that doesn't require a "Smartphone forensics" degree. I only see a few networks whenever I look ... but that doesn't mean I'm not passing through the range of many more.

      So what I wound up doing was using the iw dev wlan0 scan command in Linux to list information, from which I grep'd out the SSID: blah lines. I then ran this with a 2 or 3 second pause inside of a shell for loop as I rode in. I'll post results this evening, but with a caveat, there were a couple points where iw dev wlan0 scan | grep SSID returned over 100 networks. I don't even live in a metropolitan area; most of my ride in is quite suburban.

      There were 1,644 unique network SSIDs reported during my 30-minute ride in.

      (The caveat is I think there is some "drag" of what networks it reports. For instance, if it sees network Foo at one moment, I think that will be reported for a bit longer even after it's no longer in range. Because of this drag, I'm not sure that there were actually ever more than 100 networks in range.)

    17. Re:68,000 wifi points?? by EvanED · · Score: 1

      I graphed the number of networks visible in the morning and evening commutes. The first ~5 min of the morning commute is sitting stationary. The vertical lines are caused by the obnoxious-as-hell network manager that comes with Ubuntu accessing the interface and causing a "device or resource busy" error with my thing, which causes a report of 0 networks in range. Remember the drag I mentioned before: the three big peaks little after 10AM correspond to the three most popular stops along the street with bigger apartment buildings, but the decline from the peaks occurred even as the bus was sitting before.

      There were >1600 unique SSIDs seen in the morning commute, >1200 in the evening one, and >1800 total.

      The way I collected this data was to:

      collect it with for num in $(seq 1 3600); do iw dev wlan0 scan > $num.txt; sleep 2; done

      convert it to CSV with for file in *.txt; do echo "$file, $(stat --printf="%y" $file | cut -f2 -d" "), $(wc -l net.csv

      and then graph it in LO Calc.
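
One way to count networks from saved `iw dev wlan0 scan` output while discounting the "drag" described above, as an added example that is not the commenter's script: each BSS block in the scan output carries a `last seen: N ms ago` line, so entries older than a cutoff can be dropped before counting what was in range at one moment. The two scan samples, their BSSIDs and SSIDs, and the 3000 ms cutoff are constructed.

```shell
#!/bin/sh
# Added example: count networks in saved `iw dev wlan0 scan` output,
# ignoring BSS entries the driver is still reporting from its cache.

# bss BSSID AGE_MS SSID: emit one constructed BSS block in iw's layout.
bss() {
    printf 'BSS %s(on wlan0)\n\tfreq: 2412\n\tsignal: -60.00 dBm\n' "$1"
    printf '\tlast seen: %s ms ago\n\tSSID: %s\n' "$2" "$3"
}

# Constructed scan at the first stop: two access points, both fresh.
scan_t0() {
    bss 02:00:00:00:00:0a 120 HomeNet
    bss 02:00:00:00:00:0b 450 CoffeeShop
}

# Constructed scan a few seconds later: CoffeeShop is now a stale cache
# entry, a second HomeNet radio and a hidden network have appeared.
scan_t1() {
    bss 02:00:00:00:00:0b 9800 CoffeeShop
    bss 02:00:00:00:00:0c 80 HomeNet
    bss 02:00:00:00:00:0d 200 ''
}

# fresh_networks MAX_AGE_MS: read iw scan text on stdin and print
# "BSSID<TAB>SSID" for every BSS last seen within MAX_AGE_MS.
fresh_networks() {
    awk -v max="$1" '
        function emit() { if (bssid != "" && age <= max) print bssid "\t" ssid }
        /^BSS /  { emit(); bssid = substr($2, 1, 17); ssid = ""; age = 0; next }
        /^[ \t]+last seen: [0-9]+ ms ago/ { age = $3 + 0; next }
        /^[ \t]+SSID:/ { sub(/^[ \t]+SSID: ?/, ""); ssid = $0; next }
        END { emit() }'
}

# unique_count COLUMN: count distinct non-empty values in column 1
# (BSSID) or 2 (SSID) of fresh_networks output read from stdin.
unique_count() {
    cut -f"$1" | sort -u | grep -c .
}

# in_range MAX_AGE_MS: number of BSS entries in one scan within the cutoff.
in_range() {
    fresh_networks "$1" | grep -c .
}

# Demo on the constructed scans.
echo "t1 in range, no cutoff:  $(scan_t1 | in_range 999999999)"
echo "t1 in range, 3000 ms:    $(scan_t1 | in_range 3000)"
echo "unique BSSIDs, both:     $( { scan_t0; scan_t1; } | fresh_networks 3000 | unique_count 1)"
echo "unique SSIDs, both:      $( { scan_t0; scan_t1; } | fresh_networks 3000 | unique_count 2)"
```

The cutoff changes the "in range at once" figure but not the unique totals, since a stale entry was fresh in some earlier scan.
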

  6. This wouldn't be an issue... by Anonymous Coward · · Score: 1

    This wouldn't be an issue if cell phones were unlocked and the firmware and OS was GPLed.

  7. Can't hide it by giveen796 · · Score: 1

    Without the development of a secure wipe tool for mobile devices, all your information is easily available to retrieve as long as you know what you are doing. Look up tools like FTK or Encase.

    1. Re:Can't hide it by BasilBrush · · Score: 4, Informative

      With iOS it certainly isn't. Note the iPhones used in the article were deliberately selected to be very old. iPhone 3G.

      With newer iPhones, every single byte is written using a hardware based encryption key. AES-256. Wiping the phone involves deleting just the key. At that stage none of the phone's data is recoverable. Not by anyone.

    2. Re:Can't hide it by giveen796 · · Score: 1

      That is partially correct, modern forensics tools (like FTK) can fight back.

    3. Re:Can't hide it by h4rr4r · · Score: 1

      How exactly do you fight back against AES?

    4. Re:Can't hide it by h4rr4r · · Score: 2

      Only if you are so stupid that your PIN is only 4 numbers and you allow unlimited retries. I am pretty sure iOS now makes the retry interval longer and longer to avoid this attack.

      They just brute force it, that is not anything special.

    5. Re:Can't hide it by PhunkySchtuff · · Score: 2

      If you have it set, the device PIN unlocks the AES key that decrypts the phone's filesystem.
      If you allow unlimited guesses at the PIN, you can unlock the AES key and decrypt the filesystem.

      If you erase the phone (reset all content and settings) the phone securely wipes its AES key - the filesystem is from that point forwards nothing more than random data. If you have an attack against AES256 then you stand a chance at recovering something, but you don't...

      There's no use in guessing the PIN as the encryption key that the PIN unlocks has been erased.

    6. Re:Can't hide it by the_B0fh · · Score: 1

      Do you even understand what you just cited? That has *NOTHING* to do with an iPhone 3GS and onwards that was wiped.

      Once wiped, it is not recoverable. The key is gone. Please learn and understand your tools and limitations.

    7. Re:Can't hide it by Kaenneth · · Score: 1

      Barring a weakness in the key generator; iirc that was how the PS3 was cracked?

    8. Re:Can't hide it by Anonymous Coward · · Score: 0

      That counts for manual retries. iOS connected to the machine and brute forcing through USB cable doesn't have limit and is pretty fast.

    9. Re:Can't hide it by Lumpy · · Score: 1

      That is 100% false. Any "digital Forensics" person claiming that is a big fat liar that has no clue at all to how it works or how even computers work.

      If someone you know told you that, you need to have them show you proof.

      --
      Do not look at laser with remaining good eye.
    10. Re:Can't hide it by Lumpy · · Score: 1

      And did not reset the phone. you can't brute force a pin when the key is completely deleted.

      --
      Do not look at laser with remaining good eye.
    11. Re:Can't hide it by the_B0fh · · Score: 1

      Weakness in a key, and the key being *GONE* are two different things.

      One can be hacked. The other is irreversibly *GONE*

      You really should go read up on how public key crypto works.

    12. Re:Can't hide it by viperidaenz · · Score: 2

      Retry interval and retry count are irrelevant if you just read the data directly from the flash chip. That's one interface in the iPhone that is completely open and standards based.

    13. Re:Can't hide it by Kaenneth · · Score: 1

      It's not *GONE* if you can regenerate it.

    14. Re:Can't hide it by the_B0fh · · Score: 1

      And I can be filthy rich if I can win the powerball.

      Show me how you regenerate a deleted key.

  8. Depends on the phone and the methods used by guruevi · · Score: 4, Informative

    Most decent cell phones have built-in encryption which wipes the phone by simply deleting the built-in keys. Some cheap-ass droids and the 'feature-phones' may not have it built-in but it's fairly easy to wipe a phone that has the feature.

    Of course, if you use the wrong methods (such as simply 'restoring' the phone) or use unencrypted external media, not much is going to help you. If you really need to get rid of your data (e.g. in an enterprise environment) I would hope those in charge of the devices would know how to configure and manage the phones correctly so they can be remotely wiped etc.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:Depends on the phone and the methods used by Anonymous Coward · · Score: 3, Informative

      The bad news is that only since Android 4.0 has there been decent encryption in devices. Before that, only some Motorola devices had some ability to encrypt the SD card and the main filesystems.

      The good news is that Android has grown up, and uses dmcrypt to encrypt the /data partition. One can even have the passphrase that decrypts the filesystem separate from the screen unlocking PIN, using a command line and the vdc cryptfs changepw command. This way, if the device falls into the wrong hands and gets power-cycled, an attacker has to guess a 20+ character passphrase as opposed to a 4-8 digit PIN.

      The ugly: Just the /data filesystem is encrypted. If you have an SD card, you are SOL unless you have a Motorola device that has their own file-based mechanism of writing encrypted data.

      As for iOS, AFAIK, it mainly relies on hardware chip voodoo to only allow access to the AES key once the chip validates the PIN, and to mitigate an attack against just four digits (which is the typical PIN code length.) If one of the chips has a weakness, game is over.

      With the latest devices, both iOS and Android are decently secure, except both have strengths and weaknesses. Android can be set to have a reasonably strong passphrase, then use a PIN once /data is mounted. However, Android can't encrypt SD cards. iOS is encrypted immediately, but the downside is that the OS relies on magic smoke ASICs to enforce its security.

    2. Re:Depends on the phone and the methods used by h4rr4r · · Score: 1

      If you are reselling the device just remove the SD card, or stick it in a PC and use DD to write /dev/urandom to it. Obviously some users will find the latter approach too technical, or not trust SD cards enough, so selling it without an SD card is a fine solution.

    3. Re:Depends on the phone and the methods used by gl4ss · · Score: 1

      that just takes care of the sdcard though and leaves the internal rom untouched. wiping that is a possibility too though.

      doesn't sound like the phone in the article was wiped at all though.

      --
      world was created 5 seconds before this post as it is.
    4. Re:Depends on the phone and the methods used by Anonymous Coward · · Score: 0

      Most decent cell phones have built-in encryption which wipes the phone by simply deleting the built-in keys.

      Blackberries go further, by repeatedly overwriting the data. So if the key was weak, or recoverable, you still can't get the data.

    5. Re:Depends on the phone and the methods used by hobarrera · · Score: 1

      Phones with no encryption could just "dd if=/dev/zero of=/dev/mmcblk0" or equivalent. It's just a matter of user-ignorance, not of software issues.

  9. This is old news, and no longer correct for iPhone by kallisti · · Score: 5, Informative

    The key line: "On a wiped iPhone 3G"

    Starting with the iPhone3GS, iOS encrypts everything with a random AES256 key. When you say to wipe the device, it erases that key rendering everything else unusable. This is mentioned in the article, but downplayed. It's been a long time since you could even buy an iPhone 3G, so it seems alarmist to bring it up now.

    http://blog.itsecurityexpert.co.uk/2011/10/securely-wiping-your-personal-data-from.html
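
Added example, not part of the original thread or any poster's code: a small Python model of the three wipe behaviours argued over in these comments (a restore that only drops the file index, a full overwrite as with dd from /dev/zero, and discarding the encryption key). The FlashSim class, the HMAC-SHA256 keystream standing in for the phone's hardware AES-256 engine, and the contact data are all constructed for illustration; the model ignores wear levelling and spare blocks.

```python
import hashlib
import hmac
import os
import re

BLOCK = 64  # bytes per simulated flash block (real pages are far larger)

# Constructed sample data: 20 fake contacts using reserved 555-01xx numbers.
CONTACTS = b"".join(b"contact%02d,202-555-01%02d\n" % (i, i) for i in range(20))


def keystream_xor(key: bytes, block_no: int, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream unique to (key, block_no).

    Stand-in for a hardware AES-256 engine; illustration only.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        msg = block_no.to_bytes(8, "big") + counter.to_bytes(8, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class FlashSim:
    """Hypothetical block device: a file index plus raw blocks."""

    def __init__(self, n_blocks: int, encrypted: bool):
        self.blocks = [bytes(BLOCK) for _ in range(n_blocks)]
        self.index = {}                      # name -> (block numbers, length)
        self.free = list(range(n_blocks))
        self.key = os.urandom(32) if encrypted else None

    def write_file(self, name: str, data: bytes) -> None:
        used = []
        for off in range(0, len(data), BLOCK):
            chunk = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            n = self.free.pop(0)
            if self.key is not None:
                chunk = keystream_xor(self.key, n, chunk)
            self.blocks[n] = chunk
            used.append(n)
        self.index[name] = (used, len(data))

    def read_file(self, name: str) -> bytes:
        used, length = self.index[name]
        parts = []
        for n in used:
            blk = self.blocks[n]
            parts.append(keystream_xor(self.key, n, blk) if self.key is not None else blk)
        return b"".join(parts)[:length]

    def restore_only(self) -> None:
        """Drop the file index; block contents (and any key) are untouched."""
        self.index.clear()
        self.free = list(range(len(self.blocks)))

    def overwrite_wipe(self) -> None:
        """Model of writing zeros over the whole device."""
        self.restore_only()
        self.blocks = [bytes(BLOCK)] * len(self.blocks)

    def crypto_erase(self) -> None:
        """Discard the media key; the old ciphertext stays where it was."""
        self.restore_only()
        self.key = os.urandom(32)            # fresh key for the next owner

    def raw_dump(self) -> bytes:
        """What an examiner reading the flash chip directly would get."""
        return b"".join(self.blocks)


def carve_numbers(dump: bytes) -> list:
    """Carve phone-number-shaped strings out of a raw image."""
    return re.findall(rb"\d{3}-555-\d{4}", dump)


def run_scenario(encrypted: bool, wipe: str) -> int:
    """Write contacts, apply the named wipe, return how many numbers are recoverable."""
    dev = FlashSim(32, encrypted)
    dev.write_file("contacts.db", CONTACTS)
    assert dev.read_file("contacts.db") == CONTACTS
    getattr(dev, wipe)()
    found = carve_numbers(dev.raw_dump())
    if dev.key is not None:
        # The examiner also tries whatever key the device still holds.
        plain = b"".join(keystream_xor(dev.key, n, b) for n, b in enumerate(dev.blocks))
        found += carve_numbers(plain)
    return len(found)


if __name__ == "__main__":
    for enc, wipe in [(False, "restore_only"), (False, "overwrite_wipe"),
                      (True, "restore_only"), (True, "crypto_erase")]:
        print(f"encrypted={enc!s:5} wipe={wipe:14} recoverable={run_scenario(enc, wipe)}")
```

The third scenario is the case where the data is encrypted but the key was never discarded: everything is still recoverable by whoever can use that key, which is why only the key-discarding wipe counts.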

  10. Who the hell keeps their Social Security number by Spy+Handler · · Score: 1

    on their phone??

    1. Re:Who the hell keeps their Social Security number by Anonymous Coward · · Score: 0

      I need that to update my flash player and access my Nigerian bank accounts. Duh

    2. Re:Who the hell keeps their Social Security number by PyroMosh · · Score: 1

      For real.

      I get why that could be a problem with a PC. After all, it's not unusual to file one's taxes on one's PC, or have other records that might include one's SSN on a PC. But who the hell is doing anything like that via a phone?

    3. Re:Who the hell keeps their Social Security number by h4rr4r · · Score: 1

      TurboTax and others have products that work on smartphones and tablets. I do not believe they save anything like that locally though.

    4. Re:Who the hell keeps their Social Security number by Lumpy · · Score: 0

      You would have to be completely insane to do your taxes on your phone.

      --
      Do not look at laser with remaining good eye.
  11. A contrived test: old phone, old operating system? by perpenso · · Score: 5, Informative

    Did the previous owner use the "erase all content and settings" feature of that phone? Or just restore it? That would have been using the built-in tool and would have overwritten the data. http://support.apple.com/kb/ht2110

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test.

    An upgrade to iOS 5 would fix the problem on the 3G. On newer phones the encryption key needed to access the data is destroyed, so the problem never would have occurred.

  12. Newer phones by Selfbain · · Score: 3, Interesting

    I'd be more interested to see if he can still do it on a newer model. The earlier models of iPhones were well known to have poor security.

    --
    Well, it has never been successfully tested.
  13. Re:A contrived test: old phone, old operating syst by sethmeisterg · · Score: 2

    EXACTLY. Wish my mod points hadn't expired.

  14. Sigh... by pushing-robot · · Score: 1

    we rounded up every old phone we could scrounge up from around the office and asked the owners to wipe them. Our stash consisted of two iPhone 3G models, two Motorola Droids, an LG Dare and an LG Optimus.

    There were similar discrepancies in what Reiber found on the two iPhones, although both were 3G models running iOS 4

    It’s worth noting that the iPhone 3GS and newer versions use a hardware encryption key which is deleted when the phone is wiped, but data was easily recovered from these older models.

    Oh no! Five-year-old* long-discontinued phones running old OSes lack security! The horror!

    * okay, the Droid is only 4 years old, and the Optimus a mere 3. (And both shipped with Android 2.0 or earlier.)

    --
    How can I believe you when you tell me what I don't want to hear?
  15. Re:This is old news, and no longer correct for iPh by giveen796 · · Score: 1

    http://www.accessdata.com/products/digital-forensics/mobile-phone-examiner On-the-Fly Decryption of Operating System and Logical Data of iOS

  16. Can we please be more specific? by MyFirstNameIsPaul · · Score: 1

    'Smartphone' is a general term, but this article is about specific smartphones. "Our stash consisted of two iPhone 3G models, two Motorola Droids, an LG Dare and an LG Optimus. (We had hoped for a BlackBerry, but nobody had one.)" As usual, BlackBerry is not only excluded from the test, but the technology 'journalists' had to throw in a swipe at BlackBerry, which, to me, is an admission of their own incompetence. A BlackBerry device probably would pass the test with flying colors, just as these devices do with most every security test. I'm not claiming that BlackBerry should be best selling phones or that they are the greatest ever, just that credit should be given where it is due.

    --

    I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    1. Re:Can we please be more specific? by h4rr4r · · Score: 1

      Or maybe it reflects the fact that few people still use them, and nearly no one would if they had a choice.

      Most modern smartphones support good encryption. Just use that.

    2. Re:Can we please be more specific? by Anonymous Coward · · Score: 0

      A BlackBerry device probably would pass the test with flying colors

      So would a Motorola DynaTAC.

    3. Re:Can we please be more specific? by MyFirstNameIsPaul · · Score: 1

      So your argument is that the LG Dare is a more popular phone and platform than BlackBerry? You are wrong.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    4. Re:Can we please be more specific? by h4rr4r · · Score: 1

      No my argument is that the LG dare might have been more popular than any single Blackberry at one time.

  17. Enable Encryption after the fact by pavon · · Score: 0

    I've read in a few places that if you enable encryption on either Android or an iPhone, it encrypts the entire flash chip at a low level, which has pretty much the same effect as writing a disk with random data if you don't know the key. These articles therefore recommended the following process to sanitize your phone before reselling/discarding it:
    1) Enable encryption
    2) Perform a factory reset/wipe
    3) Disable encryption
    4) Repeat if paranoid
    That way all your data is deleted, and all "deleted" files are scrambled and impossible to recover if you don't have the key.

    It doesn't look like researchers looked at phones where that had been performed.

    1. Re:Enable Encryption after the fact by Anonymous Coward · · Score: 0

      Incorrect (for iOS anyway). All iOS phones since the 3GS have hardware encryption turned on. It's not an option. To erase securely, just use the menu command to erase the phone from settings. Nothing fancy.

  18. Sentence doesn't make sense! by bogaboga · · Score: 1

    While referring to getting all data erased.

    'Problem is, even if you do everything right, there can still be lots of personal data left behind.

    Wouldn't that mean you just didn't do everything right? Huh?

    Google doesn't help matters by providing no avenue for de-linking one's no-longer-owned device from an existing [Google Play] account. Sad.

    1. Re:Sentence doesn't make sense! by JStyle · · Score: 1

      To remove your Google account (and therefore Google Play) from an android phone, you simply log out of the Google account. The Play Store is useless then. A factory reset (available on all androids I've used/seen), does the same, to a further degree (removing apps, etc).

    2. Re:Sentence doesn't make sense! by bogaboga · · Score: 2

      I guess I didn't make myself clear...Let me rephrase:

      If you destroy your 1st Android phone and obtain a second one, there's no way of removing any reference to the 1st phone from Google Play. Or is there? I have 7 devices listed, six of which I no longer own. How do I prevent them (the six I no longer use), from getting listed on Google Play? Got it?

    3. Re:Sentence doesn't make sense! by petman · · Score: 1

      From Play Store, you can go to "My Orders and Settings", then go to the Settings tab, and you can just uncheck the devices you no longer own. Then those devices will no longer appear anywhere else in the Play Store. Or do you mean you don't even want those devices to appear in the Settings tab? Of course, there's no way to do that now, but I don't see why having the old devices listed would be a problem for you. It's just a list.

  19. Vague useless article. by Andy+Dodd · · Score: 3, Informative

    The article makes no mention of WHICH Android revision each of the given phones tested was using.

    It was a known problem with Gingerbread and earlier that the wipe method used by most Android devices was insufficient. That's why Google added secure erase prior to reformat with ICS (maybe HC too, not sure...)

    https://android.googlesource.com/platform/system/extras/+/c2470654d4b4db09a7052fc5fa108ac21f1b1948

    Interesting result of this: Samsung's eMMC chips that were shipped in the Galaxy S II and original Galaxy Note couldn't handle this secure erase command properly, and using a standard "secure" wipe had a pretty good chance of corrupting the wear leveller so badly the chip would be rendered useless. (Samsung's own recoveries were "neutered" so as not to issue a secure erase command.)

    TL;DR - Unless crippled by the manufacturer, any recent Android device (ICS or newer) should not have any of the issues with data remaining easily recoverable after a wipe described by this article. LG didn't do anything special here - they just implemented ICS or later and that's all that was needed.

    --
    retrorocket.o not found, launch anyway?
  20. Re:This is old news, and no longer correct for iPh by Anonymous Coward · · Score: 0

    I'm guessing that only works if the phone wasn't reset to factory settings.

  21. Re:A contrived test: old phone, old operating syst by ejasons · · Score: 2

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test.

    More than just contrived, it is very intellectually dishonest...

  22. Re:A contrived test: old phone, old operating syst by Alter_3d · · Score: 4, Informative

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test. An upgrade to iOS 5 would fix the problem on the 3G. On newer phones the encryption key needed to access the data is destroyed, so the problem never would have occurred.

    Sorry, but the iPhone 3G tops out at version 4.1.2. The 3GS, on the other hand, does have support for iOS 6, if I remember correctly.

  23. SO what do you need to be sure? by the+eric+conspiracy · · Score: 1

    Van der Graaf Generator?
    Oxy-acetylene torch?
    Cement kiln?

    I know what to do with a hard drive (DBAN followed by drill press) and a DVD (shredder).

    1. Re:SO what do you need to be sure? by Nerdfest · · Score: 1

      Nuke it from orbit. It's the only way to be sure.

  24. Re:This is old news, and no longer correct for iPh by SuperKendall · · Score: 0

    What part of "wipe device resets the key" did you not understand? You can't recover anything if the key is discarded. That article only matters for police who have recovered iPhones from criminals and want to try and get something out, not people who are selling a phone and reset it beforehand.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  25. Re:A contrived test: old phone, old operating syst by Bigbutt · · Score: 1

    Yep. I have 6 on my 3GS. The first gen iPad doesn't though.

    [John]

    --
    Shit better not happen!
  26. No "Fight back" once key is gone by SuperKendall · · Score: 0

    You can't "fight back" when the encryption key has been discarded. It is gone.

    That misunderstood article is about how to get data off a device that has NOT been wiped.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:No "Fight back" once key is gone by giveen796 · · Score: 2

      I just talked to the forensics guys I know, I was wrong. And you are correct.

  27. Putting the article aside for a moment... by ADRA · · Score: 1

    How the hell on EARTH do you have "61,202 cell sites" without de-duping?

    Then I checked the US wireless quick facts and found:
    June-12 June-07 June-02 June-97
    285,561 210,360 131,350 38,650

    Yikes, that's quite the expansion... but regardless, it still means this phone would've travelled through a very large number of dense American cities to get up to that count.

    --
    Bye!
    1. Re:Putting the article aside for a moment... by drinkypoo · · Score: 0

      Yikes, that's quite the expansion... but regardless, it still means this phone would've travelled through a very large number of dense American cities to get up to that count.

      There's not enough information here to make that determination. Not only could the number have undergone similar expansion between June-12 and today, but the cell sites could easily be concentrated in metropolitan areas (especially if these numbers include official microcells) and thus you could possibly achieve it by visiting only two or three major metropolitan areas and doing some serious running around in circles.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  28. easy solution by Anonymous Coward · · Score: 0

    just stick the phone in a degausser......

  29. Re:A contrived test: old phone, old operating syst by perpenso · · Score: 1

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test. An upgrade to iOS 5 would fix the problem on the 3G. On newer phones the encryption key needed to access the data is destroyed, so the problem never would have occurred.

    Sorry, but the iPhone 3G tops out at version 4.1.2. The 3GS, on the other hand, does have support for iOS 6, if I remember correctly.

    My bad. I might have been thinking of the iPod 3rd gen which tops out at 5.1. The iPhone 3GS (also 3rd gen) is supported by iOS 6.1, the current version.

  30. Re:AND WIPING MY ASS STILL LEAVES POO BEHIND! by DougOtto · · Score: 3, Funny

    Which begs the question: "How do blind people know when to stop wiping?"

    --
    Solving Unix problems since 1989...
  31. Re:A contrived test: old phone, old operating syst by organgtool · · Score: 2

    As others have pointed out, the iPhone 3G topped out at iOS 4 (and that's if you can't deal with how slowly it ran). Even if it could run iOS 5, you neglected the possibility that the person could have sold the phone before iOS 5 even came out. My iPhone 3G definitely had no such erase option and since the damn phone refuses to mount like a proper USB device, I was not able to use software from my laptop to securely wipe the phone before selling it. Oh well, at least I haven't had my identity stolen yet.

  32. Erase HD by Anonymous Coward · · Score: 0

    Erase hard drive= sledgehammer+fire.

  33. Load the 3G with music ... by perpenso · · Score: 2

    After erasing the contents fill the 3G with music to overwrite, then erase again?

    1. Re:Load the 3G with music ... by Anonymous Coward · · Score: 0

      After erasing the contents fill the 3G with music to overwrite, then erase again?

      Pretty sure the filesystem in iOS can have partially empty blocks. I'd make a copy of my music, then run find . -type f -print0 | perl -n0e 'truncate($_, -s $_ >> 13 13)' to make sure that all the files were rounded off to 4096 bytes first.

    2. Re:Load the 3G with music ... by Anonymous Coward · · Score: 0

      And that's >> 13 << 13, since /.'s HTML handling is lame.

  34. Re:A contrived test: old phone, old operating syst by Jafafa+Hots · · Score: 2

    But you're assuming that everyone who had an older phone ran out and ditched it the moment the new ones came out and thus there are no older iPhones with older software in use.

    Oh wait... we're talking about Apple. Ok, yeah, everyone DID immediately ditch their old phone the moment the new model came out. Nevermind.

    --
    This space available.
  35. big surprise here... by Anonymous Coward · · Score: 0

    even in an ssd or usb storage device, flash memory is a bugger to erase... and to know with absolute certainty that the data is indeed gone, requires destruction, not deletion.

  36. Re:AND WIPING MY ASS STILL LEAVES POO BEHIND! by Anonymous Coward · · Score: 1

    I know that many blind people fill cups with liquid by putting a finger in the cup, and feeling when it's full. Maybe they use the same sense of touch in this case ....... I've got to stop shaking blind people's hands.

  37. Tried to call by SuperKendall · · Score: 4, Funny

    Quick, someone tell 2008 that they have a problem with phone security.

    I tried to call the iPhone owners but they were all on AT&T and had no reception.

    Then I tried to call all the Android owners but their batteries were all dead...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Tried to call by Sponge+Bath · · Score: 3, Funny

      Tried to call all the Windows Phone owners, but they didn't exist.

  38. Re:AND WIPING MY ASS STILL LEAVES POO BEHIND! by Anonymous Coward · · Score: 0

    Which begs the question: "How do blind people know when to stop wiping?"

    Blind people don't wipe.

  39. Both iPhone & Android phones less than 3 years by perpenso · · Score: 1

    But you're assuming that everyone who had an older phone ran out and ditched it the moment the new ones came out and thus there are no older iPhones with older software in use.

    Oh wait... we're talking about Apple. Ok, yeah, everyone DID immediately ditch their old phone the moment the new model came out. Nevermind.

    It's been nearly 3 years since the 3G has been sold. Both iPhone and Android users tend to have phones less than 3 years old.

  40. So? by ArchieBunker · · Score: 3, Insightful

    This was to prove that selling your OLD PHONE can raise security issues

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:So? by perpenso · · Score: 1

      This was to prove that selling your OLD PHONE can raise security issues

      It still seems contrived, the 3G is obsolete not simply old. To avoid redundant posts: http://slashdot.org/comments.pl?sid=3607997&cid=43344171

  41. theres only one way to wipe discarded hardware by FudRucker · · Score: 1

    pound it to smithereens with an 8 pound sledge hammer, nothing but crumbs left when i am done

    --
    Politics is Treachery, Religion is Brainwashing
  42. Re:This is old news, and no longer correct for iPh by the_B0fh · · Score: 1

    How many times are you going to quote that article without understanding WTF you're quoting? And you call yourself a CEH?

    Jesus Christ.

  43. There is an app for that ... by perpenso · · Score: 4, Interesting

    After erasing the contents fill the 3G with music to overwrite, then erase again?

    Pretty sure the filesystem in iOS can have partially empty blocks. I'd make a copy of my music, then run find . -type f -print0 | perl -n0e 'truncate($_, -s $_ >> 13 13)' to make sure that all the files were rounded off to 4096 bytes first.

    I just thought to check for apps that wipe storage, there are several. I should have known there was an app for that. :-)

  44. Re:A contrived test: old phone, old operating syst by Anonymous Coward · · Score: 0

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test.

    It's only contrived if you fail to consider that most people who are SELLING a USED iPhone on Craigslist are selling their OLD model, not the new one they just purchased.

    Personally, I found the following statement the most interesting out of the entire article:
    "Interestingly, many of the locations found in the database were places the phone’s owner had never been — most in southeast Asia. Reiber says this suggests the phone or its memory had been refurbished"
    That's very interesting indeed.

  45. Email, of course by Misagon · · Score: 1

    It could have been in an email:
    * State/gov authorities.
    * Insurance company.
    * Your doctor
    * Digital copy of payslip
    etc.

    Do you not have access to your email via your phone?

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    1. Re:Email, of course by CCarrot · · Score: 1

      It could have been in an email:
      * State/gov authorities.
      * Insurance company.
      * Your doctor
      * Digital copy of payslip
      etc.

      Do you not have access to your email via your phone?

      Umm...if any company that I dealt with actually did this, I would be severing all relationships with them immediately and demanding that they remove my information from any and all databanks they use. They may actually have my SIN, as provided by me in person or via sealed snail mail when I contracted for their services, but that information should never, I repeat never be treated so casually.

      No, I do not send or receive sensitive personal information such as my SIN via email. Nor do I scribble it in the dirt on my car windows...but to each their own, I suppose...

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
    2. Re:Email, of course by Lumpy · · Score: 3, Insightful

      In the 26 years I have had email and 12+ years I have had a smartphone I have never, EVER sent or received an email with my social security number in it.

      This fear is a capital F in FUD.

      --
      Do not look at laser with remaining good eye.
    3. Re:Email, of course by Lumpy · · Score: 1

      "They may actually have my SIN, as provided by me in person"

      Hello fellow shadowrunner... is that a Corporate SIN or is it your fake SIN for your missions?

      --
      Do not look at laser with remaining good eye.
    4. Re:Email, of course by Anonymous Coward · · Score: 0

      All of these organizations have IT staff and lawyers who would inform them that all email is sent plain text across networks.

      Have you noticed that they will never display anything but the last 4 digits of a credit card number?

    5. Re:Email, of course by Anonymous Coward · · Score: 0

      About the same stats and I've had to request my transcripts a couple of times, electronically and that, my friend, required a SSN

    6. Re:Email, of course by CCarrot · · Score: 1

      "They may actually have my SIN, as provided by me in person"

      Hello fellow shadowrunner... is that a Corporate SIN or is it your fake SIN for your missions?

      Ah, right, yanks call it a SSN, not a SIN...us canucks are all SINners, at least once we're old enough to work... :)

      --
      "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  46. Re:A contrived test: old phone, old operating syst by Kaenneth · · Score: 1

    Or the wi-fi access point MAC address was duplicated by some cheap SE Asian company?

    I'd say there is a higher probability the location data was just wrong.

  47. Re:A contrived test: old phone, old operating syst by djl4570 · · Score: 1

    Not so contrived. These are the phones that are entering the used market. The early adopters are getting the next great iPhone and selling their old one. A lot of these users don't want to spend time or money upgrading the OS of an old phone and may be blissfully unaware of the security issues of the outdated OS.

  48. Re:This is old news, and no longer correct for iPh by giveen796 · · Score: 2

    Actually, I was wrong, I misunderstood some things. Not afraid to admit I was wrong.

  49. Re:This is old news, and no longer correct for iPh by Anonymous Coward · · Score: 0

    Is this encryption key stored in multiple places on the device? In case of accidental corruption or hardware error?

    Also, another question. Is the encryption key backed up onto the computer when you make a backup, or is the device the only copy in existence anywhere of the key?

  50. I teach mobile device forensics by Anonymous Coward · · Score: 0

    And all I can say is "DUH!" This is nothing new. The iPhone 3 did not have the built-in support to encrypt the personal data partition used on the phone, because that feature did not exist on the iPhone until iOS version 4, which coincided with the release of the iPhone 4. The iPhone 3 could not be upgraded to iOS 4.x, though the 3GS could, so this is no big surprise. Fun fact: when you wipe an iOS 4.x and later device, it doesn't actually wipe the data. What it does is destroy the encryption key for the encrypted partition, rendering it unreadable.

  51. So don't sell it but by kilodelta · · Score: 1

    Destroy it instead. It's enormously gratifying to reduce a smart phone to powder. And try reading that.

  52. Re:A contrived test: old phone, old operating syst by Lumpy · · Score: 1

    It was also an iPhone 3, the 3G and newer all solved this problem. The article is horribly out of date.

    --
    Do not look at laser with remaining good eye.
  53. Sigh. Again, for real security, get a blackberry by Anonymous Coward · · Score: 2, Informative

    Once again, blackberries solved this problem about 10 years ago (or more).

    If you want real, audited, certified security, get a blackberry.

    If security isn't important to you, android & iphone are fine.

    Sadly, most people are in the latter category.

  54. And? by Anonymous Coward · · Score: 0

    This is news at Slashdot in the year 2013? Are we starting to see a pattern here or is it just my imagination?

  55. Re:AND WIPING MY ASS STILL LEAVES POO BEHIND! by FatdogHaiku · · Score: 1

    When you wipe so hard it causes you to sneeze, you can stop.

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  56. Re:This is old news, and no longer correct for iPh by the_B0fh · · Score: 1

    I'm actually impressed. Good for you.

  57. It's obsolete, not simply old by perpenso · · Score: 1

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test.

    It's only contrived if you fail to consider that most people who are SELLING a USED iPhone on Craigslist are selling their OLD model, not the new one they just purchased.

    The 3G is not simply an old model, it's an obsolete model. Many actively supported apps won't support its CPU (armv6), amount of RAM (128MB), or OS version (4.2.1). The 3G was replaced by the 3GS nearly 4 years ago, its sales slowed before that due to the impending release of the 3GS, and it has not even been offered as a low end budget alternative for nearly 3 years. I expect the used iPhones being sold today are generally iPhone 3GS or 4, phones that are supported by the current version of iOS and actively supported by apps.

    Now if you want to complain that a phone sold 3 years ago is obsolete, well that is a different topic and I'm likely to agree with you. But with respect to the topic of today's used iPhone market, focusing on the 3G does seem contrived for the reasons above.

  58. Re:A contrived test: old phone, old operating syst by perpenso · · Score: 1
  59. Re:A contrived test: old phone, old operating syst by Anonymous Coward · · Score: 0

    Horribly contrived. The iPhone 3G came out 5 years ago and was the last version of the phone that was susceptible to this. This was a widely-known problem at the time, which is why Apple fixed it.

    If not contrived, it's horribly intellectually dishonest to pull out a known issue from 5 years ago and trot it out as if it's a new vulnerability.

  60. Re:AND WIPING MY ASS STILL LEAVES POO BEHIND! by Anonymous Coward · · Score: 0

    Their heightened sense of smell?

  61. # rm -fr / anyone? by Anonymous Coward · · Score: 0

    I guess I'd try rm -fr / on my clockworkmod terminal and then tried to flash vanilla android there...

  62. Re:AND WIPING MY ASS STILL LEAVES POO BEHIND! by Whalou · · Score: 1

    The dog stops licking.

    --
    English is not this .sig mother tongue...
  63. Best wiping solution by Grand+Facade · · Score: 2

    "Will it blend?"

    --
    Rick B.
  64. Re:AND WIPING MY ASS STILL LEAVES POO BEHIND! by RockDoctor · · Score: 1

    When their fingers stop sliding.

    Next question?

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"