dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
514

Jehu
Premium Member
join:2002-09-13
MA

Jehu

Premium Member

[iPhone] Secure iPhone wipe

Web searching around I don't feel I have a straight answer: Does an iPhone reset/wipe destroy data beyond recovery or does one need to use one of the software downloads that does multi-pass formatting/overwriting.

thx

koolman2
Premium Member
join:2002-10-01
Anchorage, AK

koolman2

Premium Member

I looked for a source for the following but couldn't find it. I believe it works like this:

All data on the iPhone is encrypted. The encryption key is generated when the phone first boots. When you reset all data, this encryption key is wiped from the device with random data multiple times, essentially making your data inaccessible.

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff

MVM,

That's correct. No need for a multi-pass erase (which doesn't really work on Flash-based storage anyway).

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

GuruGuy to Jehu

Premium Member

to Jehu
I believe in order for the encryption to be active though, a pin must have been set and used. Otherwise, data is not encrypted. Yes?

Jehu
Premium Member
join:2002-09-13
MA

Jehu

Premium Member

Cool, thanks for the info folks

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

Thinkdiff to GuruGuy

MVM,

to GuruGuy
Not exactly. If you use a PIN, the encryption key used for personal data is affected by the PIN you set, making it harder to guess the key. But data on the iPhone is always encrypted with some key. Picking the "Erase iPhone" option simply erases and generates a new key.

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

GuruGuy to Jehu

Premium Member

to Jehu
That's not the way I remember it. The passcode has to be set to enable Data Encryption.

»support.apple.com/en-us/HT202064

Thinkdiff
MVM,
join:2001-08-07
Bronx, NY

4 edits

Thinkdiff

MVM,

said by »support.apple.com/en-us/HT202064 :

Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages attachments, and third-party applications.

From your own link. Everything stored on the phone is encrypted by default, however without the passcode it's encrypted with the standard hardware key. That key can be extracted by attackers, therefore it is not considered "protected" even though it's encrypted. If you add a passcode, data is encrypted with both the hardware and passcode keys, making it more difficult/impossible to decrypt.

The Erase iPhone button (what we're discussing in this thread) works the same way whether or not you have a passcode set.

Edit: I just want to add, before somebody jumps all over me, that I'm purposefully being a bit vague/loose with how these mechanisms actually work, because it's not all that important. Apple wrote a really great and incredibly easy to understand white paper on the whole system: »www.apple.com/br/privacy ··· 2014.pdf

Device encryption starts at page 9 if you want to learn how everything actually works, but the figure on page 10 sums it up quite nicely. Here's the relevant parts:
quote:
The metadata of all files in the file system is encrypted with a random key, which is created when iOS is first installed or when the device is wiped by a user. ... Since it’s stored on the device, this key is not used to maintain the confidentiality of data; instead, it’s designed to be quickly erased on demand (by the user, with the “Erase all content and settings” option, or by a user or administrator ... Erasing the key in this manner renders all files cryptographically inaccessible.

The content of a file is encrypted with a per-file key ... which is in turn encrypted with the file system key. The class key is protected with the hardware UID and, for some classes, the user’s passcode.
So all data is encrypted by default. If you have a passcode, certain classes of files are encrypted with a combination of the hardware and passcode key. If you don't have a passcode, it's encrypted just with the hardware key.

tl;dr: The "Erase iPhone" button will simply erase the keys that encrypt every user-generated file on your phone. This works regardless of your passcode settings.