Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wiping a Smartphone Still Leaves Data Behind

Posted by Soulskill on from the why-you-always-smash-them-with-a-hammer-before-reselling-them dept.

KindMind writes "To probably no one's surprise, wiping a smartphone by standard methods doesn't get all the data erased. From an article at Wired: 'Problem is, even if you do everything right, there can still be lots of personal data left behind. Simply restoring a phone to its factory settings won't completely clear it of data. Even if you use the built-in tools to wipe it, when you go to sell your phone on Craigslist you may be selling all sorts of things along with it that are far more valuable — your name, birth date, Social Security number and home address, for example. ... [On a wiped iPhone 3G, mobile forensics specialist Lee Reiber] found a large amount of deleted personal data that he recovered because it had not been overwritten. He was able to find hundreds of phone numbers from a contacts database. Worse, he found a list of nearly every Wi-Fi and cellular access point the phone had ever come across — 68,390 Wi-Fi points and 61,202 cell sites. (This was the same location data tracking that landed Apple in a privacy flap a few years ago, and caused it to change its collection methods.) Even if the phone had never connected to any of the Wi-Fi access points, iOS was still logging them, and Reiber was able to grab them and piece together a trail of where the phone had been turned on.'"

10 of 155 comments (clear)

  1. Depends on the phone and the methods used by guruevi · · Score: 4, Informative

    Most decent cell phones have built-in encryption which wipes the phone by simply deleting the built-in keys. Some cheap-ass droids and the 'feature-phones' may not have it built-in but it's fairly easy to wipe a phone that has the feature.

    Off course, if you use the wrong methods (such as simply 'restoring' the phone) or using unencrypted external media, not much is going to help you. If you really need to get rid of your data (eg. in an enterprise environment) I would hope those in charge of the devices would know how to configure and manage the phones correctly so they can be remotely wiped etc

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  2. This is old news, and no longer correct for iPhone by kallisti · · Score: 5, Informative

    The key line: "On a wiped iPhone 3G"

    Starting with the iPhone3GS, iOS encrypts everything with a random AES256 key. When you say to wipe the device, it erases that key rendering everything else unusable. This is mentioned in the article, but downplayed. It's been a long time since you could even buy an iPhone 3G, so it seems alarmist to bring it up now.

    http://blog.itsecurityexpert.co.uk/2011/10/securely-wiping-your-personal-data-from.html

  3. A contrived test: old phone, old operating system? by perpenso · · Score: 5, Informative

    Did the previous owner use the "erase all content and settings" feature of that phone? Or just restore it. That would have been using the built in tool and would have overwrote the data. http://support.apple.com/kb/ht2110

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test.

    An upgrade to iOS 5 would fix the problem on the 3G. On newer phones the encryption key needed to access the data is destroyed, so the problem never would have occurred.

  4. Re:Can't hide it by BasilBrush · · Score: 4, Informative

    With iOS it certainly isn't. Note the iPhones used in the article were deliberately selected to be very old. iPhone 3G.

    With newer iPhones, every single byte is written using a hardware based encryption key. AES-256. Wiping the phone involves deleting just the key. At that stage none of the phone's data is recoverable. Not by anyone.

  5. Re:doesn't sound like built in wipe was used by BasilBrush · · Score: 4, Funny

    Quick, someone tell 2008 that they have a problem with phone security.

  6. Re:A contrived test: old phone, old operating syst by Alter_3d · · Score: 4, Informative

    The author used the last iPhone (3G) running the last iOS version (4) that would exhibit such behavior. It seems a contrived test. An upgrade to iOS 5 would fix the problem on the 3G. On newer phones the encryption key needed to access the data is destroyed, so the problem never would have occurred.

    Sorry, but the iPhone 3G tops out at version 4.1.2. The 3GS, on the other hand, does have support for iOS 6, if I remember correctly.

  7. Re:68,000 wifi points?? by EvanED · · Score: 4, Insightful

    Even with the assumption that these are not unique access points ... that's still an insane number. If we change the time-frame to 2 years, roughly the average lifespan between upgrades, he's up to 95 WiFi points per day.

    If the wifi points are non-unique, 100 wifi points per day would be downright easy to achieve. I probably pass far more than that on the way to and from work each day on the bus.

    Remember, it's not "how many networks have you connected to" but "how many have come in range of your antenna."

    Unique points would be a lot harder to hit, but as someone else points out, you could probably rack up access points very quickly in a metropolitan area.

  8. Tried to call by SuperKendall · · Score: 4, Funny

    Quick, someone tell 2008 that they have a problem with phone security.

    I tried to call the iPhone owners but they were all on AT&T and had no reception.

    Then I tried to call all the Android owners but their batteries were all dead...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  9. There is an app for that ... by perpenso · · Score: 4, Interesting

    After erasing the contents fill the 3G with music to overwrite, then erase again?

    Pretty sure the filesystem in iOS can have partially empty blocks. I'd make a copy of my music, then run find . -type f -print0 | perl -n0e 'truncate($_, -s $_ >> 13 13)' to make sure that all the files were rounded off to 4096 bytes first.

    I just thought to check for apps that wipe storage, there are several. I should have known there was an app for that. :-)

  10. Re:doesn't sound like built in wipe was used by icebike · · Score: 5, Informative

    When you do read TFA you find out this:

    Take the two Motorola devices(android). Both were wiped, and neither had much to speak of stored in their built-in memory, just some application data with no personally identifiable fingerprints.

    But one user left his micro SD card in the phone. Although the contents of the card were deleted, the card had not been formatted. This, apparently, meant the files were recoverable. And because Android cached application data to this SD card, Reiber could recover e-mail data as well — enough that we could positively identify the phone’s owner via his e-mail address. But the real treasure trove was the photos and documents. The photos still had metadata, including the dates, times and locations in which the photos were shot. And while the documents were benign, if the phone’s owner had stored sensitive information on his phone — think a tax return with a Social Security number, or a .pdf bank statement — we would have had that, too.

    So other than USER Stupidity of leaving his SD card in the device he recycled, this once again is an Apple story pinned to a model long out of production dating to a problem long since fixed by Apple.

    Not that it changes much, if the police who buy these forensic tools happen to get your phone they pretty much have everything they need to know everything about you. How does "AccessData" get around violations of the DMCA by building tools to circumvent encryption?

    --
    Sig Battery depleted. Reverting to safe mode.