Securely Erasing an iPhone

Q: In your article last week on resetting and erasing an old iPhone before selling it, I was concerned when you mentioned that the erasing process “should only take a few seconds.” Does this actually securely erase my data? It seems too quick, and I thought that a secure erase required the iPhone to write over every bit of the memory—in fact I thought Apple changed this years ago in response to somebody discovering that they could get information even off a “wiped” iPhone. I know when I used a tool to “securely wipe” my computer hard drive before I sold it, it took a lot longer than “a few seconds” to do so. I’m very concerned about the confidentiality of my data—is there another method I should be using to wipe my iPhone before I sell it?

– John

A: The Erase All Content and Settings option built into the iPhone is definitely a secure erase method, so there’s nothing you need to worry about.

You are correct that the original iPhone did not securely erase user data at all, prompting Apple to change this behaviour in iOS 2.0 to actually do a bit-by-bit wipe of the flash memory—a process that took anywhere from 1-3 hours, depending on the capacity of your device.

However, with the iPhone 3GS and iOS 3.0, Apple introduced hardware-level encryption expressly for the purpose of facilitating a fast, secure wipe process. This was likely inspired by the advent of the “Remote Wipe” feature introduced with Find My iPhone at the same time; it only made sense that if you lost your device, you wanted to be able to ensure that it was securely wiped quickly to prevent the process from being interrupted once it began.

The standard hardware encryption doesn’t specifically protect your data during normal use, since it uses a generated device-specific encryption key rather than anything tied to your device passcode (see iOS Encryption and Data Protection). However, since everything stored in your device’s flash memory is encrypted with this key, all that the Erase All Content and Settings option needs to do is securely wipe the encryption key—a process which takes mere seconds—and everything else in your device’s memory is left as an unintelligible glob of encrypted data, even to somebody who decides to take the memory chips out of the device and forensically examine them.

This hardware encryption has been included in every iOS device released since 2009; even with the latest version of iOS, however, pre-2009 devices such as the original iPhone, iPhone 3G, and first- and second-generation iPod touch still use the old, slower bit-by-bit secure erase method.

Latest News