A fundamental problem with flash memory has just gone mainstream. A detective successfully recovered data from a refurbished iPhone purchased from Apple. Flash memory controllers write to blocks randomly so using standard secure erase techniques are no guarantee that all of the storage space will be written.
[Rich Mogull] has posted a method that should wipe out almost all remnants of your personal data. You start by restoring the iPhone in iTunes and turning off all the syncing options. Next you create 3 playlists large enough to consume all of the phone’s storage space. Sync each playlist in turn and your residual personal data should be obliterated. All that’s left to do is sit back and wonder when the first article about the MacBook Air SSD being impossible to securely erase will be published…
hrrm, or you could try the will it blend approach…securely erasing the iPhone should work too…
Alternatively, a fill with zero secure erase would work fine…
I like the will it blend idea. i saw the title and clicked on it thinking i was going to get to see an iphone that had been rapidly disassembled. now i am disappointed
Hey polobunny, how would you go about that? The iPhone doesn’t show as a drive when you plug it in.
Use the SDK to wite one that runs on the phone?
Doesnt have to be done via a PC/Mac
An important point to remember: Flash only writes zeros, not ones. When you write to a flash device, it sets the contents of the block to all ones via erasure, then writes the appropriate zeros in place.
Well that wouldn’t work either, it would stop right as it erases itself. Just like doing a rm -Rf / on a linux box.
I can erase any SSD drive, with a nice ball-peen hammer… though the resale value falls significantly, after the process is complete.
No – none of those methods will fully work, because the SSD has spare blocks (more blocks than it’s rated capacity), which are used for wear leveling and replacement of faulty blocks. Filling the device with anything won’t fill the remaining “spare” blocks that may have your data on.
Note this WILL work for some filesystems that work at a lower level than a block device – JFFS2 for linux being the most famous example.
i found an iphone and the password is set, how would i change the password and use the phone?
This is a neat article and I was shocked to hear that apple didn’t completely erase the contents of the referb. thanks for the info :D
you think by now someone would make an easy way to hack newer phones, an app – one for all kinda thing. just my thoughts, if you get a min take a look at my site, hopefully you’ll like :)
Super-Duper site! I am loving it!! Will come back again, Thanks.
WOW – this just opened my eyes – already excited to see new versions coming!