[Jeremy] had some chips on hand that included EPROM. We’re not talking about EEPROM, we mean EPROM that need a UV light source to erase. Most people don’t want to drop a few hundred dollars on a dedicated EPROM eraser, there must be another way.
Boy, EPROM really suck. But so do pacifiers and he already had a solution for exposing those to UV. He pulled out his $30 UV pacifier cleaner and tossed the chip inside. Two times through the cleaning cycle and the data was gone. We’ve looked into using UV LEDs to do the job but some experimentation shows that it doesn’t work. These pacifier cleaners are cheap and easy to get a hold of. The real question is are you still using chips that require UV for erasing?
This is unfortunately another story we missed out on while we were trying to keep things from burning down. We told you that [Jonathan Zdziarski] was going to demonstrate iPhone lock code bypassing in a webcast. The real surprise came when he pointed out that the iPhone takes a screenshot every time you use the home button. It does this so it can do the scaling animation. The image files are presumably deleted immediately, but as we’ve seen before it’s nearly impossible to guarantee deletion on a solid state device. There’s currently no way to disable this behavior. So, even privacy conscious people have no way to prevent their iPhone from filling up storage with screenshots of all their text message, email, and browsing activities. Hopefully Apple will address this problem just like they did with the previous secure erase issue. O’Reilly promises to publish the full webcast soon.
AppleInsider is reporting that iPhone Software v2.0 will add a secure wipe feature. The screenshot above shows the text “This will take about an hour.” added to the normal erase feature. This time is used to overwrite data to the disk multiple times. The need for secure phone erasure came to light after a researcher was able to recover personal information from a refurbished iPhone using forensic tools. Since then, a few people have published techniques for obliterating personal data using either the GUI or the more thorough command line method. Remote wipe has also been added to the new firmware in case the phone is stolen. We’re happy to see security being made easily accessible to nontechnical users and expect that remote wipe will become standard on laptops in the future.
Maybe you wiped your iPhone by filling the hard drive with music, or maybe you used a more sophisticated method. In either case, your phone is clean, but the hard drive in your computer is still chock full of evidence of your misdeeds (or just personal emails to your mother). If you fear forensic analysis will expose your wheelings and dealings, then a full format is not enough; you’re going to have to obliterate the plates inside the hard drive.
To that end, [Eecue] posted this worklog of slagging a hard drive. Using a propane powered furnace, he melted most of the drive’s components by placing it in a steel crucible which was lowered into the furnace. After a few minutes everything but the steel casing and a few bits of woven fiberglass from the PCB were melted down completely. You can see the entire process in [Eecue]‘s drive slagging photo album.
With solid state drives becoming popular and their inherent difficulty of assured erasure, physical destruction is looking like a lot more reasonable option. As you readers have stated in the past: it’s certainly a lot more fun.
You may be hoping to subsidize the purchase of an iPhone 3G with the sale of your old one, but since you should wipe all your personal data from the old one first, we brought you [Rich Mogull]‘s method for wiping all your private data off of an iPhone. The method, which involves overwriting your data with music, is slightly flawed, mainly because of live files that can’t be deleted while the phone’s OS is working and because the OS reserves a portion of the hard drive as unwritable space, which will make it impossible to completely fill it with music.
For those looking to annihilate every scrap of personal information, check out [Jonathan Zdziarski]‘s method. It involves restoring the phone as a new phone, then jailbreaking it. Once the user has shell access, umount is used to force the two mount points into read-only mode. Now the partitions can be overwritten with /dev/zero, which should wipe them clean. The phone should then be forced into recovery mode to perform another full system restore, and the process is complete. As [Zdziarski] notes, several iterations of the process with /dev/random should prevent even NAND recovery, but there is an even better way of ensuring full data destruction: “simply take a sledgehammer to the device.” If you are unfamiliar with the command line though, chances are [Rich Mogull]‘s method will be easier for you to handle, but don’t blame us if you sell your phone and the Feds get wise to the evidence you left on it.
A fundamental problem with flash memory has just gone mainstream. A detective successfully recovered data from a refurbished iPhone purchased from Apple. Flash memory controllers write to blocks randomly so using standard secure erase techniques are no guarantee that all of the storage space will be written.
[Rich Mogull] has posted a method that should wipe out almost all remnants of your personal data. You start by restoring the iPhone in iTunes and turning off all the syncing options. Next you create 3 playlists large enough to consume all of the phone’s storage space. Sync each playlist in turn and your residual personal data should be obliterated. All that’s left to do is sit back and wonder when the first article about the MacBook Air SSD being impossible to securely erase will be published…