Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Wiping your mobile devices - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Wiping your mobile devices

Some recent emails to the Storm Center have further focused our attention on the need to wipe your mobile devices if you intend to sell/donate/pass them along.  I have a large box of mobile phones that I have done nothing with as I dont feel confident in the manufacturers suggestions for wiping data.  Many of them just involve resetting settings back to default, which in most cases just leaves all your information in memory.

My recommendation would have to be to do a complete wipe of the device, then reflash the system.  In most cases though, this is easier said than done.  For example, one recent post  (Rich Mogul from Securosis suggested reflashing the iphone, then un-checking the sync functionality for contacts, calendar etc.  Following this, fill the iphone with music and sync three times.  Then reflash to default, and sell your "clean" iphone.

I would prefer to do a bit by bit wipe of devices if I were to part with them ...

<comment> you can have my iphone when you pry it from my cold dead hands </comment>   :-)

I would be interested in hearing peoples stories/tips for wiping mobile devices and or performing forensics on mobile devices.  

Here are some links to Forensics hardware and software.

Links to articles on wiping iPhone and Blackberry:

Mike Poor, H.O.D.

Intelguardians, Inc




49 Posts
May 23rd 2008

Sign Up for Free or Log In to start participating in the conversation!