Comments on: Limitations of Data Protection in iOS 4

By: Paul

Paul — Tue, 13 Sep 2011 17:09:25 +0000

I think that admin is right.

Long story short, I misplaced my iPod for 3 weeks, thought it was gone for good, and initiated remote wipe via Exchange server to wipe the iPod. I had given it permission earlier to do so on the iPod side. Unfortunately the iPod had powered off and never got the message until I happily found it and re-entered my new Exchange password… As soon as it connected the wipe went through, device powered off.

Turned it on and it needed to be reconnected to iTunes. I re-added the device and didn’t resync any of data or music. I then jail broke it and made a disk image with dd, ran PhotoRec on it. I’ve tried it with Intel (Mac i386) partition type as the option and I was unable to recover any of my photos. I’m trying it again now with “Mac” partition selected.

Not looking good though.

By: Daan

Daan — Thu, 03 Feb 2011 14:41:15 +0000

Anthony,

Do you know if this is still the case for iOS 4.2.1 and the on all platforms like the iPad.
The security documentation of Apple on the iPhone does mention the fact that data protection is only enabled for Email and its attachments and/or applications that uses the Data Protection API.
http://images.apple.com/iphone/business/docs/iPhone_Security.pdf
An acknowledgement of this fact was the vulnerability where one could call/access the addressbook by the ### emergency call showing that not all data was actually encrypted with the users key/password.

This is however no longer mentioned in the documentation for the iPad:
“iPad offers 256-bit AES encoding hardware-based encryption to protect all data on the device. Encryption is always enabled and cannot be disabled by users.”
http://images.apple.com/ipad/business/docs/iPad_Security.pdf

By: Apple and their elusive Full Disk Encryption solution - Encryptsolutions

Apple and their elusive Full Disk Encryption solution - Encryptsolutions — Tue, 25 Jan 2011 18:49:00 +0000

[...] and what I found puzzled me… The following information can be found in the following article: http://anthonyvance.com/blog/forensics/ios4_data_protection/ iPhone full disk encryption seems to have been implemented with one purpose in mind: [...]

By: Forrester’s iPhone Article | HackerSafe Security Related Blog for all

Forrester’s iPhone Article | HackerSafe Security Related Blog for all — Mon, 16 Aug 2010 05:34:45 +0000

[...] Each App can now have a separate data container with its own encryption keys. Check out Anthony Vance’s blog post . Only Mail by default is encrypted this way. Each app developer would have to [...]

By: admin

admin — Fri, 06 Aug 2010 05:40:55 +0000

Clive:

I haven’t tested this, but my understand is that the “Erase All Content and Settings” option does erase the 256-bit key used to encrypt the file system. Once the encryption key is erased, the data on the phone is unrecoverable.

By: Clive

Clive — Wed, 04 Aug 2010 17:22:54 +0000

Great article - One of the few ios 4 data protection write ups I could find via google. One question. Clearly there are limitations with successfully executing a remote wipe, however how secure is using the erase all data and settings feature with iPhone 4? Your article indicates that the 256-bit encryption key is erased, but does this process truly secure personal data from being recovered? Any idea if the device writes over the deleted key? Trying to gauge the risk of using the device for business and inevitably selling it in the future when the next “best” thing comes out or the dropped calls push me over the edge first - Thanks

By: Core Data and Enterprise iPhone Applications – Protecting Your Data « Nick Harris

Wed, 14 Jul 2010 20:18:25 +0000

[...] information that’s available in the public domain (including this post about iPhone 3GS and this post about iOS4). But if you have access to the WWDC videos, Session 209 is a great [...]