Thanks for nothing, Apple, say forensic security chaps

Felons wanting to best forensic investigators need only perform a factory reset of all current model iPhones, say forensic security experts. Apple's decision to encrypt data on the iPhone is responsible for this state of affairs because a factory reset erases the decryption key required to reveal the handset's contents, …

COMMENTS

This topic is closed for new posts.
  1. Michael Hoffmann Silver badge
    Trollface

    Alternate article title

    "Good on you, Apple, says rest of the world" ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Alternate article title

      Right. I'm no Apple fan, but how would making a platform secure be a bad thing?

    2. Anonymous Coward
      Anonymous Coward

      Re: Alternate article title

      Hypothetical question - is there an app that will perform a factory reset automatically if you don't tell it not to every 8 hours? Useful if your iPhone is lost and found and kept in a Faraday cage to prevent it connecting a network and receiving a remote wipe command.

      1. Lusty

        Re: Alternate article title

        No need, the default action is to wipe the phone after 8 failed login attempts. With iCloud, your data is all backed up so this poses no problem. Once wiped the device is effectively bricked until your Apple ID is used to unlock it again (although I've not Googled for workarounds to this to be fair)

        1. Anonymous Coward
          Anonymous Coward

          Re: Alternate article title

          > With iCloud, your data is all backed up so this poses no problem

          LOL. If you want a phone to reset forensically secure, using iCloud seems a tad ill advised :).

          1. Lusty

            Re: Alternate article title

            I don't want my phone forensically secure, I just want it wiped when it gets lost and I want to keep my data.

      2. Anonymous Coward
        Anonymous Coward

        Re: Alternate article title

        If the data on the phone is encrypted anyway - yes guess I'd prefer the phone was wiped securely (if it had been stolen - and you would assume someone putting it in a faraday cage probably does not intend to return it) - but for most users it's still secure.

      3. Richard Taylor 2

        Re: Alternate article title

        "Hypothetical question - is there an app that will perform a factory reset automatically if you don't tell it not to every 8 hours?"

        You can do it with a simple javascript.

        1. ThomH

          Re: Alternate article title (@Richard Taylor 2)

          I really don't think you can. Why would Safari have any access to the device's login password or the wipe feature? And if it could be done "with a simple JavaScript" then wouldn't the script kiddies have had a lot of fun by now?

          1. Richard Taylor 2

            Re: Alternate article title (@Richard Taylor 2)

            Because if you have a user id, and a password you can wipe your own device.... simples. Please read my post properly. I did not claim it was a generic 'snark apple' thing. Idiot.

    3. Anonymous Coward
      Anonymous Coward

      Re: Alternate article title

      The downside is that if you accidentally erase a photo it disappears for good unless there is a backup in the cloud.

    4. JCitizen
      Facepalm

      Re: Alternate article title

      What!?! No breaking phones in half and throwing them into public trash cans, like Mr. White in "Breaking Bad"????

      NAAAaa! That's too easy!

      1. ThomH

        Re: Alternate article title @JCitizen

        Just plug them in to charge with certain third-party chargers?

    5. big_D Silver badge

      Re: Alternate article title

      Surely this is exactly what a factory reset should do? I wouldn't want to sell my phone, if I knew that even after a factory reset the original contents could be restored...

  2. James 51

    Would this not also be an issue for blackberry handsets which are encrypted and then wiped?

    Or is this a matter of need secure comms? We have this unbreakable encryption called Enigma we got from the Nazis after the war you might be interested in.

    1. TRT Silver badge

      I've got this cheap Chinese knock off of a Samsung phone. That has an Enigma keyboard. Well, no matter what key you press 99% of the time some other character appears on the screen.

    2. ThomH

      I would assume it'd be just as much an issue for BlackBerry devices but the expectations are different: RIM made security its touchstone feature and has always marketed primarily to businesses. Apple claims security but has primarily been consumer oriented, where customers tend not to care so much.

  3. Forget It

    but surely much of your data will still be up there on the Apple cloud - to be rifled there - no?

    1. chr0m4t1c

      No.

      Well, maybe.

      It's complicated, but if you take all the default user options you still don't get everything backed up in the cloud, apps can have a temporary data area that isn't backed up, usually it's used for things that can be downloaded again and are large so you don't want them backed up because they just fill your backup space (iOS will default to backing up application data). Financial apps normally use this area for authorisation data, so that if you restore a device the data is not present and you have to re-authorise.

      That's the default position, so already not all of your data would be in the cloud, although you should still be able to recover a device; you just re-download any content from the relevant provider after a restore. Even with this option you can still have calendar entries and contacts that are only stored on the phone if you wish.

      After that, you have options. Most secure thing to do would be to simply not configure a cloud account if you're worried about security.

      Next thing you could do is to disable backup of specific apps to the cloud, which should work quite well given the sandboxed nature of iOS.

      After that, depending on the data you want to keep secure, you could use a specific app that provides the security you want, they normally feature an additional level of encryption, so that even their backup data can't be easily breached.

      And, of course, there's always the option of either writing your own app or paying someone to write one for you that has the features you want.

    2. Anonymous Coward
      Anonymous Coward

      > but surely much of your data will still be up there on the Apple cloud - to be rifled there - no?

      Correct, certainly after Apple quietly removed the ability to just sync between laptop and iDevices from iTunes (a couple of months back). There is, however, a way around that: use your own groupware server. That way you have contact, calendar and email sync without giving it all away to the US.

      1. PJI

        > Apple quietly removed the ability to just sync between laptop and iDevices

        Yes, this was one of the sillier things to do, showing complete cultural and non-USA legal ignorance or just extraordinary naivety. I gather that even in USA the innocent sometimes do have something to fear.

        However, I have seen that beta test versions of the new iTunes release have reinstated this. So fingers crossed and, if true in the customer release, glad that Apple does react to customers' remarks, eventually.

        So, as far as the "cloud" network storage goes, just disable it. If you really need it, choose one of the new services from Germany or, less handy for most people, install one on your own laptop and continue to sync locally. But this was foolish of Apple, both in terms of security and reality (strangely, outside American coffee shop chains, large parts of the world, even in the most advanced "1st world" countries, are not on free wifi networks away from home, or even mobile telephone networks. Yet one may still want to back up the device to a mobile computer that is with you (or a tablet, is that possible? No idea, no tablet).

      2. James O'Shea

        "Correct, certainly after Apple quietly removed the ability to just sync between laptop and iDevices from iTunes (a couple of months back)."

        Errm... I just checked. I can back up my 5s to my system. Indeed, the system shows a backup made on 6 April 2014. I just connected the device to my system and am starting a new backup. (Thanks for reminding me to back up...)

        When did you say that Apple removed this feature, and when did they put it back, 'cause I never missed not having it and I have the latest version of iTunes (11.1b5, if you must know.)

        1. JaimieV

          This is the "sync contacts and calendars" directly between computer and iThing option in the Info tab, which disappeared with iTunes 11 but is now on the way back.

          iTunes still has backup+restore functions.

          1. James O'Shea

            Ah. I just back everything up. That gets the contacts and calendars as well.

    3. Tom 35

      They would need a warrant to access the backup.

      They are searching phones without a warrant (in the US at least) as they claim it's no different than your wallet. If they can't they will see this as a problem that needs to be fixed so they can.

    4. jonathanb Silver badge

      Depends who you want to keep your data secret from. If it is the government, then iCloud is a problem. If it is someone who has stolen your phone, it is less of a problem.

  4. Christian Berger

    And yet no advantage for the common user

    Since Apple can just push a new firmware to every user... which can simply read out all the data and transmit it everywhere you want.

    Encryption is fairly useless unless you have control over the hardware that encrypts. If you control that hardware you can just bypass the encryption or read out the secret keys.

    1. Dave 126 Silver badge

      Re: And yet no advantage for the common user

      >Encryption is fairly useless unless you have control over the hardware that encrypts.

      Useless to the common user? No it isn't. Most users aren't in fear of well funded agencies. What is a threat to them is losing their phone and have a criminal access their on-line accounts, or else a mate access their nudey pictures.

    2. JeffyPoooh
      Pint

      Re: And yet no advantage for the common user

      CB: "Since Apple can just push a new firmware..."

      Why would they need "push new firmware" to do that when they can just command it to perform those remote access (or equivalent) functions already? Probably a single packet.

  5. Grikath
    Facepalm

    Boo. Hoo..

    "Forensic Security Experts" complaining that criminals are making their life hard? What's next, complaining said criminals are not 'fessing up as soon as an eyebrow is raised and a tut-tut is uttered?

    Really... Some people...

    1. Crisp

      Re: Boo. Hoo..

      They'll be making it a criminal offence to not just hand over passwords next...

      1. Vociferous

        Re: Boo. Hoo..

        > They'll be making it a criminal offence to not just hand over passwords next...

        I still don't believe that law can possibly be legal. Anyone sentenced for withholding passwords should definitely appeal to EU court.

        1. This post has been deleted by its author

        2. Drs. Security

          Re: Boo. Hoo..

          not only passwords but cryptographic private keys as well.

          There are countries who are trying this e.g. France.

          So much for laws stating you don't have to aid in your own conviction.

          1. Tom 35

            Re: Boo. Hoo..

            If you are at the US border, you are not IN the US and have no rights at all. They can already require you to unlock any device so they can snoop for any reason, or just because they don't like you, or think your hat is funny.

            1. Anonymous Coward
              Anonymous Coward

              Re: Boo. Hoo..

              Tom 35: "If you are at [or within 100 miles of] the US border..."

              There, I fixed it for you.

        3. JCitizen
          Coffee/keyboard

          Re: Boo. Hoo..

          I keep reading they can do this in the US too - but that just doesn't compute that you can just throw the 5th Amendment out the window without a Supreme Court battle. It may even be a 4th and 10th Amendment issue as well when looking at the whole of it. Perhaps no one has fought it because of the preponderance of the evidence other than what is encrypted made the revelation of it unnecessary? Hmm?! Of course these have been border crossing cases, and maybe they think even US citizens' rights end at the border?

        4. Michael Habel

          Re: Boo. Hoo..

          > They'll be making it a criminal offence to not just hand over passwords next...

          I thought it already was...

      2. Anonymous Coward
        Anonymous Coward

        Re: Boo. Hoo..

        you're absolutely wrong, security experts would NEVER lobby for that, it'd put them out of their jobs!

      3. AceRimmer

        Re: Boo. Hoo..

        Someone's bought a time machine!

        http://www.pcpro.co.uk/news/361693/teenager-jailed-for-refusing-to-reveal-encryption-keys

        Under the Regulation of Investigatory Powers Act 2000, Part III, it is an offence to withhold passwords and the teenager was convicted last month of failing to disclose his key.

        Read more: Teenager jailed for refusing to reveal encryption keys | News | PC Pro

      4. Ralph B

        Re: Boo. Hoo..

        > They'll be making it a criminal offence to not just hand over passwords next...

        Hehe. With the 5s, despite all the encryption tech, it's actually easier for the cops to unlock an iPhone than ever before: They merely have to hold your finger over the home button.

        1. James O'Shea

          Re: Boo. Hoo..

          "Hehe. With the 5s, despite all the encryption tech, it's actually easier for the cops to unlock an iPhone than ever before: They merely have to hold your finger over the home button."

          Won't do 'em much good if 'Touch ID' is turned off, as it is on my 5s. And, oh, I've changed the silly 4-digit, numbers only, passcode to the alphanumeric multi-character passphrase. The poor lads will have to put some effort into breaking in.

    2. Allan George Dyer
      Facepalm

      Re: Boo. Hoo..

      @Grikath - so, you're saying Apple are criminals?

  6. stu 4

    solid state wiping

    So.. what's the science here then ?

    I understand wiping a HD to zeros, can still be read with electron microscope.

    but if you wipe solid state with zeros... how on earth can you get anything back even if it isn't encrypted ?

    1. Dave 126 Silver badge

      Re: solid state wiping

      Not an electron microscope, but a magnetic head with greater resolution than that which normally lives in the drive. The drive is dismantled into individual platters beforehand.

      Which is why you don't use zeroes. Instead you use random data, and several passes at that. Nuke n Boot does this, and OSX has an option to do the same to user-erased data on the fly. Of course this incurs a performance penalty.

      I'm sure there have been some papers published on recovering data from solid state storage.

    2. Charles 9

      Re: solid state wiping

      In this case, it's not zeroes. The flash is encrypted at the partition level, so it all looks like noise. The wipe wipes out the key needed to make it make sense, and it probably does this by putting a new key in its place.

      1. TRT Silver badge

        Re: solid state wiping

        Encryption key not derived from e.g. fingerprint sensor. Factory reset would then require copious amounts of strong acid.

  7. Anonymous Coward
    Anonymous Coward

    I'd say this is a PLUS for Apple from a user point of view.

    Funny how the government wants its own stuff to be secure / encrypted but for the rest of us plebs - nah...

    1. Anonymous Coward
      Anonymous Coward

      "Funny how the government want's it's own stuff to be secure / encrypted but for the rest of us plebs - nah..."

      Like teachers and pupils, troop leaders and scouts, parents and children. Officers and enlisted men. Wardens and prisoners. Abductors and abductees. Cunts and the rest of us.

  8. Anonymous Coward
    Anonymous Coward

    Hmm so do I trust Apple who control the device hardware / software / cloud end-to-end and specifically build in security enhancements like fingerprint readers / encryption chips or Samsung / others plus Google (who make their profits specifically mining your data / selling ads on the back of it).

    Think it's a win for Apple.

    1. Crazy Operations Guy

      You could say the same about BlackBerry

      Except they don't have the disadvantage of being in the USA where access to your data is one crooked judge away (Any judge working for a secret court is the epitome of amoral and corrupt).

  9. Vociferous

    You can't simultaneously have good privacy and easy recovery of data.

    It's conflicting goals. And privacy should have precedence.

    1. Charles 9

      Re: You can't simultaneously have good privacy and easy recovery of data.

      Over and above the customer's wishes (as in "The Customer is Always Right")?

      1. Vociferous

        Re: You can't simultaneously have good privacy and easy recovery of data.

        As the customer has control over his data, I don't see any conflict. Care to enlighten me?

  10. Anonymous Coward
    Anonymous Coward

    Felons wanting

    felons, would-be felons, always-wanted-to-be-a-felon felons, past felons and future ones, we're all felons, unless proven felons.

    1. Anonymous Coward
      Anonymous Coward

      Re: Felons wanting

      Three times a day, on average.

  11. Anonymous Coward
    Anonymous Coward

    iCloud

    If the phone's been wiped there'd be no association between the phone and the iCloud account so how exactly would you propose you get at the cloud stored data?? You'd have to know their user id or some other kind of identifiers which if all you have is a blank phone isn't much help. Sure if the "hackers" are the CIA, know who are and could demand Apple hand over the info for person X then they could get at it, fail to see how anyone else could.

  12. 45RPM Silver badge

    Typical Reg

    You Reg. You are a card. Apple is too lax on security - bad Apple, naughty Apple. Apple is too tough on security - bad Apple, naughty Apple. And yet you still manage to make a nasty mess of love custard in your pants whenever a new bit of fondleable hardware gets shovelled out of Cupertino.

    It's an object lesson in having your cake and eating it. Or, at least, trying to.

  13. Brenda McViking
    Black Helicopters

    This Story

    Brought to you by the NSA, who actually can break in easily but they want you to think it's secure so that you get rid of the blackberry which has them stumped.

    Next week: The dangers of letting terrorists into your computer by using TOR

  14. Drs. Security

    agreed.

    Seems forensic guys have become lazy :)

    I propose all hardware (mobiles, tablets, computers) to have encryption by default and "remote" wipe functionality.

  15. Anonymous Coward
    Anonymous Coward

    Apple stock better climb now...

    as this is the best endorsement of the iPhone's reset feature anyone could ask for.

  16. Henry Wertz 1 Gold badge

    Yes, thanks Apple!

    No seriously, thanks. I'm no Apple fan, but if I wipe a device I don't expect someone to be able to poke around the phone for 30 seconds and recover my data. Apple's device behavior is therefore correct.

  17. Anonymous Coward
    Anonymous Coward

    Is this an advert?

    A wiped phone is a wiped phone.

    What has it got to do with encryption?

    Off with your finger!

  18. Cooker

    Missing the point?

    It is possible to encrypt your data on almost all of the platforms, the difference here is that Apple are implementing it by design for everyone with an iPhone. Most people with droid phones simply wouldn't know how or care to encrypt making the lives of people who want your data easier.

  19. Anonymous Coward
    Anonymous Coward

    Wrong at the start, so the rest is untrustable...

    "a factory reset not only wipes data"... no, it does not. Flash is fast, but it's not *that* fast, and there's no need - wiping the key renders all un-wiped data useless, so, no need to wipe it anyhow.

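Added example, not part of the original thread and not Apple's implementation: a toy model of the key-erase reset that Charles 9 and the comment above describe, where the bulk flash is left untouched and only a small key slot is replaced. The class `ToyEncryptedFlash`, the 32-byte block size and the HMAC-SHA256 keystream (a standard-library stand-in for the real block cipher) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # bytes per simulated flash block (constructed value)


def _keystream(key: bytes, block_no: int) -> bytes:
    # Stand-in for the device's block cipher: one PRF output per block,
    # keyed by the media key held in the erasable slot.
    return hmac.new(key, block_no.to_bytes(8, "big"), hashlib.sha256).digest()


class ToyEncryptedFlash:
    """Hypothetical model: bulk ciphertext blocks plus one erasable key slot."""

    def __init__(self, n_blocks: int):
        self.key_slot = secrets.token_bytes(32)   # small, cheap to erase
        self.blocks = [bytes(BLOCK)] * n_blocks   # large, slow to overwrite

    def write(self, block_no: int, data: bytes) -> None:
        padded = data.ljust(BLOCK, b"\0")[:BLOCK]
        ks = _keystream(self.key_slot, block_no)
        self.blocks[block_no] = bytes(a ^ b for a, b in zip(padded, ks))

    def read(self, block_no: int) -> bytes:
        ks = _keystream(self.key_slot, block_no)
        return bytes(a ^ b for a, b in zip(self.blocks[block_no], ks))

    def factory_reset(self) -> int:
        """Replace the key only; return how many bulk blocks were rewritten."""
        self.key_slot = secrets.token_bytes(32)
        return 0


def demo() -> dict:
    flash = ToyEncryptedFlash(n_blocks=4)
    secret = b"constructed sample: contact list"   # constructed sample data
    flash.write(2, secret)

    readable_before = flash.read(2)
    raw_before = flash.blocks[2]          # what a chip-off image would capture

    rewritten = flash.factory_reset()

    return {
        "plaintext": secret.ljust(BLOCK, b"\0")[:BLOCK],
        "readable_before": readable_before,
        "raw_before": raw_before,
        "raw_after": flash.blocks[2],     # ciphertext is still physically there
        "readable_after": flash.read(2),  # but decrypts to noise under new key
        "blocks_rewritten": rewritten,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The raw block is byte-for-byte identical before and after the reset, which is consistent with data "still being there" on the chip while being unreadable without the discarded key.
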
  20. Anonymous Coward
    Anonymous Coward

    Not entirely accurate

    Assuming that (insert TLA here) has a quantum computer then it is entirely possible to reverse Apple's whole device encryption so the problem becomes "how wiped is wiped?"

    I've done some experimentation with fried Ipod Touch's which use the same Tosh!ba chips and the data is still assuredly there even after a factory reset until overwritten by the next sync.

    Can be retrieved using power extremes, supercooling or reading the memory back in a strong multi-Tesla magnetic field (!)

    Also the key is backed up in the same chip that stores the uSSID, MAC address and device ID along with the unique code(s) Apple assign to the device to allow Itunes to sync.

    One reason why to avoid "Icloud locked" boards like the Plague, they are totally worthless for spares.
