Free Republic
Browse · Search
General/Chat
Topics · Post Article


Hard Proof That Wiping Your Phone Doesn't Actually Delete Everything
Mashable ^ | July 9, 2014 | BY PETE PACHAL

Posted on 07/10/2014 1:30:12 AM PDT by Swordmaker

Have you ever sold an old smartphone on eBay? You might be interested to know that the apps, photos and even Google searches on your phone can still be recovered — even if you performed a factory reset.

The team at security software company Avast purchased 20 different phones on eBay and unleashed data-recovery tools on them to see what they could find. The results are persuasive evidence that resetting your phone back to factory settings doesn't mean your data is gone forever.

From the 20 phones, Avast managed to recover 40,000 photos (including 1,500 family photos with children and 250 selfies of someone's "manhood"), 750 emails, 250 contacts with names and addresses and even files such as a loan application and a completed sexual harassment course. Predictably, some of the recovered photos were pornographic, as reported by VentureBeat, with one of the previous owners clearly a fan of anime porn, an Avast representative is quoted as saying.

Avast's discovery is sobering, if not surprising. When wiping any storage device, you're often not actually erasing the data itself. Rather, the software that manages the device's content erases the index information for the file, marking those bits as ready to be overwritten with new data anytime. But the data's still there, and, with the right recovery tools, can still be accessed.

Many disk-management and security tools (including — shocker — Avast's) can permanently delete data on a device, although the process typically takes longer than a normal hard reset. BlackBerry has offered a "secure wipe" tool for years. There are several apps in Google Play that promise to securely wipe your phone, but this is one area where Apple has an advantage.

"You'll notice that the [Avast] story is about 20 Android phones, not iPhones," says Chris Bross, CTO of Drivesavers, a data-recovery service. "The recovery of data from an iPhone vs. an Android device is more challenging because of the protections that Apple puts in the security stack. Apple does a better job in their secure-wipe routine than what appears to happen with third-party apps on Android."

iPhones and iPads include hardware encryption, and when the user wipes the phone, the encryption keys are overwritten, a process that makes recovering data very difficult. Android devices don't necessarily have hardware encryption, and the secure-wipe solutions on that platform aren't consistent.

One of the problems with securely wiping a phone has to do with how data storage on mobile works. Most smartphones use a type of storage called NAND flash memory, which often keeps redundant copies of stale data in areas that aren't part of the device's file system, Bross says.

"NAND flash makes it hard to get rid of all the data on a device in one fell swoop," he says.

Indeed, some of the secure-wipe apps on Google Play include disclaimers such as "...we cannot guarantee that all free space will be sanitized...."

So should anyone interested in reselling an Android phone simply give up, and throw it away instead? Not necessarily, says Bross. There's at least one way to get rid of all your data on a phone, but it's time-consuming.

"One step that a user could take is after they do a factory reset of their phone, then fill all of the phone's storage with benign data — say, a video of your dog playing in the yard. At least you'll be overwriting and resetting all the NAND flash on the device. Then wipe it again.

"But that's not a guarantee," he quickly added.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: phones

1 posted on 07/10/2014 1:30:12 AM PDT by Swordmaker
[ Post Reply | Private Reply | View Replies]
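
A toy model of the article's three points, added here as an illustration and not taken from the article or from Avast: a reset that only clears the index, Bross's fill-and-reset workaround, and stale NAND copies that sit outside the file system. `ToyPhone`, its `spare` region and the sample "photos" are constructed assumptions, not a real flash controller.

```python
BLOCK = 512
SOI, EOI = b"\xff\xd8\xff", b"\xff\xd9"  # JPEG start and end markers

class ToyPhone:
    """Toy model: 'user' is file-system addressable; 'spare' holds stale copies."""
    def __init__(self, blocks=16):
        self.user = bytearray(blocks * BLOCK)
        self.spare = bytearray()
        self.index = {}  # name -> (offset, length)
        self.next_free = 0

    def write_file(self, name, data):
        if self.next_free + len(data) > len(self.user):
            raise OSError("storage full")
        if name in self.index:  # rewrite: the old copy survives as stale data
            off, n = self.index[name]
            self.spare += self.user[off:off + n]
            self.user[off:off + n] = bytes(n)  # logical block now maps elsewhere
        off = self.next_free
        self.user[off:off + len(data)] = data
        self.index[name] = (off, len(data))
        self.next_free = off + -(-len(data) // BLOCK) * BLOCK  # round up

    def factory_reset(self):
        """Index-only reset: the data bytes are left where they were."""
        self.index.clear()
        self.next_free = 0

    def fill_with_benign_data(self, pattern=b"dog-video-frame "):
        """Overwrite every byte the file system can reach."""
        self.user[:] = (pattern * len(self.user))[:len(self.user)]

def residual_jpegs(raw):
    """(offset, length) of each SOI..EOI span still present in a raw dump."""
    found, pos = [], 0
    while (start := raw.find(SOI, pos)) != -1:
        end = raw.find(EOI, start + len(SOI))
        if end == -1:
            break
        found.append((start, end + len(EOI) - start))
        pos = end + len(EOI)
    return found

def demo():
    """Residual photos after reset, after fill (user area), after fill (whole chip)."""
    phone = ToyPhone()
    phone.write_file("IMG_0001.jpg", SOI + b"constructed-photo-v1" + EOI)
    phone.write_file("IMG_0001.jpg", SOI + b"constructed-photo-v2" + EOI)  # edit
    phone.factory_reset()
    after_reset = len(residual_jpegs(phone.user))
    phone.fill_with_benign_data()
    phone.factory_reset()
    return (after_reset, len(residual_jpegs(phone.user)),
            len(residual_jpegs(phone.user + phone.spare)))
```

In this model the photo is still present after the reset, the fill clears the addressable area, and the stale first version remains in the region the fill cannot reach, which is the gap behind "that's not a guarantee".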

To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
iPhones and iPads are more securely erased when reset to factory settings when you sell or dispose of them than Android devices according to Security Firm Avast! PING!


Apple iOS security finding Ping!
Not so good for Android Security. . .

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 07/10/2014 1:34:25 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

How about, don’t take pictures of your dong?


3 posted on 07/10/2014 1:34:41 AM PDT by Octar
[ Post Reply | Private Reply | To 1 | View Replies]

To: Octar
How about, don’t take pictures of your dong?

At least be certain you can securely erase it. . . one commenter suggested the photographer needed the "Macro lens option!" LOL.

4 posted on 07/10/2014 1:41:16 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 3 | View Replies]

To: All

Help FR Continue the Conservative Fight!
Your Monthly and Quarterly Donations
Help Keep FR In the Battle!

Sponsoring FReepers are contributing
$10 Each time a New Monthly Donor signs up!
Get more bang for your FR buck!
Click Here To Sign Up Now!


5 posted on 07/10/2014 1:43:59 AM PDT by musicman (Until I see the REAL Long Form Vault BC, he's just "PRES__ENT" Obama = Without "ID")
[ Post Reply | Private Reply | To 3 | View Replies]

To: Octar
LOL. I still have my old Nokia from 10 years ago. Maybe it's time to burn it with acetone.
6 posted on 07/10/2014 2:06:10 AM PDT by MaxMax (Pay Attention and you'll be pissed off too! FIRE BOEHNER, NOW!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker
Microwaving a cell phone
7 posted on 07/10/2014 2:12:49 AM PDT by P.O.E. (Pray for America)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Octar
"...How about, don’t take pictures of your dong..."

He said "...a video of your dog playing in the yard..."

A DOG!

:)

8 posted on 07/10/2014 2:20:17 AM PDT by rlmorel ("A nation, despicable by its weakness, forfeits even the privilege of being neutral." A. Hamilton)
[ Post Reply | Private Reply | To 3 | View Replies]

To: P.O.E.

I like that.

The only real saving grace here is, if you lose your phone and try to remotely wipe it, odds are it won’t be found by someone who has the wherewithal to scavenge that data.

If it gets found by someone with ill intent, their ill intent is probably going to be limited to simply keeping the phone and trying to either use it or sell it. If someone has the means and knowledge to recover the data, they probably make enough money not to want some phone found on a restroom floor. (ugh)


9 posted on 07/10/2014 2:25:40 AM PDT by rlmorel ("A nation, despicable by its weakness, forfeits even the privilege of being neutral." A. Hamilton)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Swordmaker

The reason why I have an iPhone 3 and a 4 still sitting in my desk drawer, despite the temptation to get some quick cash.


10 posted on 07/10/2014 3:04:35 AM PDT by Gaffer
[ Post Reply | Private Reply | To 1 | View Replies]

To: rlmorel

I know it’s ecologically naughty, but that’s why I throw mine out in the trash. I do remove the batteries, though.

Not that I have anything incriminating or even vaguely interesting going on, but just on the principle of the thing.


11 posted on 07/10/2014 3:22:40 AM PDT by P.O.E. (Pray for America)
[ Post Reply | Private Reply | To 9 | View Replies]

To: musicman

Lol...


12 posted on 07/10/2014 3:37:43 AM PDT by Dallas59
[ Post Reply | Private Reply | To 5 | View Replies]

To: Swordmaker

http://www.blackphone.ch


13 posted on 07/10/2014 3:45:37 AM PDT by UnbelievingScumOnTheOtherSide (HELL, NO! BE UNGOVERNABLE! --- ISLAM DELENDA EST)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MaxMax

“I still have my old nokia...”

I just went thru our old cellphone “collection box” stored in a closet. Many relics there...including a bag phone. I performed a “wipe” on a number of phones with a sledge hammer before depositing in the garbage.


14 posted on 07/10/2014 6:02:31 AM PDT by moovova
[ Post Reply | Private Reply | To 6 | View Replies]

To: MaxMax
Maybe it's time to burn it with acetone.

Or, a good day to ensure the scope's properly sighted on the 10/22...

15 posted on 07/10/2014 6:20:52 AM PDT by IYAS9YAS (Has anyone seen my tagline? It was here yesterday. I seem to have misplaced it.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Swordmaker

The last couple of sentences are the solution. Don’t try to “erase” your files, just keep overwriting them. Fill up the memory, then overwrite it, over and over. You need to make the flash memory subsystem overwrite its own “scratch” memory.


16 posted on 07/10/2014 6:33:09 AM PDT by jiggyboy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I read through the /. post on this. From the comments, it’s pretty clear that Apple is the best at protecting the user’s privacy when you tell the phone to reset to factory defaults. The description given for how this reset is done with an iPhone is pretty good. All data is always encrypted on an iPhone. When a reset is done, the encryption key is wiped. The data remains, but is useless to anyone without the key.

The big caveat with this is that we have to hope that Apple got the crypto part right, i.e., there are no bugs in the key generation that cause it to create weak keys, and that type of thing. The proper implementation is harder than most people think.

Some Android phones also do pretty much the same thing, but you have to have encryption enabled, otherwise, your data is not really reset with a wipe.

I think one reason they don’t actually go through and completely wipe all data is because of how much time that actually takes. For a 16 or 32 GB phone, to wipe all the flash can take a considerable amount of time (an hour or so). If you’re using strong and well-implemented crypto, that wipe isn’t necessary as long as the decryption key is thoroughly destroyed.


17 posted on 07/10/2014 10:17:37 AM PDT by zeugma (It is time for us to start playing cowboys and muslims for real now.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Swordmaker
Rather, the software that manages the device's content erases the index information for the file, marking those bits as ready to be overwritten with new data anytime.

I thought most people understood this, but probably not, as most phone users aren't techies. Computer hobbyists have long understood this. When you defrag a hard drive, it simply changes the index information for the file fragments' location, leaving the data alone until overwritten. Unless you specify to overwrite the old data.

About five years ago, a brother-in-law asked me to repair a laptop PC that he was giving as a birthday present to his wife (my wife's sister). The hard drive and DVD were fried, and he thought all data was forever gone. But with my tools I recovered data. Not just what was there, but all the files he had deleted. Including racy pictures and notes with his previous girlfriends and plenty of clues that the laptop belonged to his last girlfriend. I never looked at him the same way again, and despise him as a jerk taking advantage of women! Oh, I told him the laptop was garbage and unrepairable (it wasn't).

18 posted on 07/10/2014 11:19:25 AM PDT by roadcat
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma; Swordmaker

“I think one reason they don’t actually go through and completely wipe all data is because of how much time that actually takes. For a 16 or 32 GB phone, to wipe all the flash can take a considerable amount of time (an hour or so).”

Wow, that long?
/s

“If you’re using strong and well-implemented crypto, that wipe isn’t necessary as long as the decryption key is thoroughly destroyed.”

Are you talking about the Androids?

Because WADR, the question is whether Apple’s crypto IS that well implemented.

“iPhones and iPads include hardware encryption, and when the user wipes the phone, the encryption keys are overwritten, a process that makes recovering data very difficult. “

“Very difficult” is not “thoroughly destroyed.”

/ 25 year mac user, 2 year iphone user


19 posted on 07/10/2014 3:24:23 PM PDT by Yehuda (Search youtube and listen to "Islams Not For Me".)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Gaffer
The reason why I have an iPhone 3 and a 4 still sitting in my desk drawer, despite the temptation to get some quick cash.

You should be fine with the 4. I think the 3GS was the first iPhone to have hardware encryption. The 3G might be in the same boat as the Android phones.

No need to leave it languishing in a desk drawer, though. There are plenty of uses for iPhones (or Android phones, I assume, though I don't know the apps for them). I have four iPhones of different generations, which is a bit extreme; I'm probably going to give one of the old ones away, but they make dandy IEDs (improvised embedded devices). Long-winded and marginally interesting suggestions follow.

iPod: Obviously, an iPhone without a cellular plan is basically an iPod Touch, but with GPS and a better camera. If you're constantly bumping up against the storage limit on your main phone, you can keep your music on the old one. Or take it to the beach or the gym or anywhere you're worried about damage. You can also get a video-out cable or HDMI adapter, load up Netflix and Hulu apps, and use it like a Roku.

If you're up to jailbreaking, there is a hack called Veency that runs a VNC server on the iPhone. There are several VNC client apps you can use to control the old phone remotely from the new one or from a desktop. If you're on a Mac, the standard screen sharing app works fine.

Spy camera: There are a number of apps that let one iPhone transmit video and audio to another. Presence is the one I've noodled around with. I use it mainly for keeping an eye on the washing machine from the other end of the house. It could be a home security camera, though, and even has a motion detector that can alert you. Disclaimer: Obey all applicable local laws.

Airplay receiver: AirServer and AirFloat are apps that turn an old (iOS 5 or later, I think) iPhone into an Airplay receiver. Any speaker dock, stereo, or boom box with an Aux port can be turned into a wireless speaker that can stream music from an iOS device or Mac. AirServer is supposed to also stream video, but I haven't gotten that to work.

Universal remote: The L5 remote dongle adds an IR transceiver to the iPhone's dock connector, and the app -- which runs on everything back to iOS 3, so you can use it with even the first-generation iPhone -- lets you create customizable remotes and download remotes from other users. I love having the most-used controls for my TiVo, TV and audio receiver on one screen. It can learn from other remotes and has macros. This is one I use literally every day. Unfortunately, with the remote dongle on the dock connector, you can't hook it to power, which is the only reason I don't have an iPhone set up for that permanently.

L5 also has an app called Freeze Frame that turns the iPhone into a remote for your Canon or Nikon DSLR. Set up the camera on a tripod, and the app can take pictures at intervals for cool time lapses. Or you can use the Gorillacam app to shoot time lapses with the phone's own camera.

Backup phone: With a Google Voice account (free) and the Google Hangouts app (also free), you can use an old phone to place phone calls over WiFi. You can also use the old phone to find, lock or zap your main phone if you lose it.

Fun fact: Standard, micro and nano SIM cards all have the same electronics and connectors. The only difference is the cardboard or plastic surrounding them. With a simple adapter sleeve, you can pop the little SIM from the new phone into the old one. If you keep the phones synched in iCloud, you can be back up and running with mere seconds of downtime in the event of a tragic accident. I have had the fleeting thought of getting an ankle holster for my iPhone 4s "backup piece".

20 posted on 07/10/2014 6:34:37 PM PDT by ReignOfError
[ Post Reply | Private Reply | To 10 | View Replies]

To: UnbelievingScumOnTheOtherSide
http://www.blackphone.ch

It's still an Android phone with the inherent problem this security firm discovered about Android. You can't erase it completely.

21 posted on 07/12/2014 5:20:39 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 13 | View Replies]

To: MaxMax

Might I suggest a simpler, faster and cheaper alternative?

Grab your drill, and almost any decent sized drill bit, and “Ventilate” your cell phone a half-dozen times. That will destroy the circuit board, most certainly hit more than a few chips, and render your phone non-functional and by almost any means, destroyed.

Takes about 10 minutes of “shop time”, and time in the shop is fun, right?

This is my SOP for hard drives.


22 posted on 07/12/2014 9:35:27 AM PDT by Hodar (A man can fail many times, but he isn't a failure until he begins to blame somebody else.- Burroughs)
[ Post Reply | Private Reply | To 6 | View Replies]

To: zeugma
The big caveat with this is that we have to hope that Apple got the crypto part right, i.e., there are no bugs in the key generation that cause it to create weak keys, and that type of thing. The proper implementation is harder than most people think.

I wonder if Apple updates the security and associated keys on the device when iOS updates? Will iOS8 have the same security and encryption routines as iOS7? I would venture to guess that it is updated yearly.

23 posted on 07/12/2014 9:39:12 AM PDT by Hodar (A man can fail many times, but he isn't a failure until he begins to blame somebody else.- Burroughs)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Hodar

Buckshot works, too. And is more fun!


24 posted on 07/12/2014 9:42:56 AM PDT by MortMan (All those in favor of gun control raise both hands!)
[ Post Reply | Private Reply | To 22 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
