Wiping your mobile devices - SANS Internet Storm Center

Wiping your mobile devices
Some recent emails to the Storm Center have further focused our attention on the need to wipe your mobile devices if you intend to sell/donate/pass them along. I have a large box of mobile phones that I have done nothing with as I dont feel confident in the manufacturers suggestions for wiping data. Many of them just involve resetting settings back to default, which in most cases just leaves all your information in memory. My recommendation would have to be to do a complete wipe of the device, then reflash the system. In most cases though, this is easier said than done. For example, one recent post (Rich Mogul from Securosis http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/) suggested reflashing the iphone, then un-checking the sync functionality for contacts, calendar etc. Following this, fill the iphone with music and sync three times. Then reflash to default, and sell your "clean" iphone. I would prefer to do a bit by bit wipe of devices if I were to part with them ... <comment> you can have my iphone when you pry it from my cold dead hands </comment> :-) I would be interested in hearing peoples stories/tips for wiping mobile devices and or performing forensics on mobile devices. Here are some links to Forensics hardware and software. http://www.paraben-forensics.com/handheld_forensics.html http://www.hex-dump.com/PB/index.html http://www.gsmserver.com/software/gsm_products.php Links to articles on wiping iPhone and Blackberry: http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/ http://www.bbgeeks.com/blackberry-guides/guide-to-wiping-your-blackberry-88202 Mike Poor, H.O.D. Intelguardians, Inc	Mike 49 Posts May 23rd 2008
Thread locked Subscribe	May 23rd 2008 1 decade ago