Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Wiping your mobile devices

Published: 2008-05-23
Last Updated: 2008-05-23 21:16:51 UTC
by Mike Poor (Version: 1)
0 comment(s)

Some recent emails to the Storm Center have further focused our attention on the need to wipe your mobile devices if you intend to sell/donate/pass them along.  I have a large box of mobile phones that I have done nothing with as I dont feel confident in the manufacturers suggestions for wiping data.  Many of them just involve resetting settings back to default, which in most cases just leaves all your information in memory.

My recommendation would have to be to do a complete wipe of the device, then reflash the system.  In most cases though, this is easier said than done.  For example, one recent post  (Rich Mogul from Securosis http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/) suggested reflashing the iphone, then un-checking the sync functionality for contacts, calendar etc.  Following this, fill the iphone with music and sync three times.  Then reflash to default, and sell your "clean" iphone.

I would prefer to do a bit by bit wipe of devices if I were to part with them ...

<comment> you can have my iphone when you pry it from my cold dead hands </comment>   :-)

I would be interested in hearing peoples stories/tips for wiping mobile devices and or performing forensics on mobile devices.  

Here are some links to Forensics hardware and software.
http://www.paraben-forensics.com/handheld_forensics.html
http://www.hex-dump.com/PB/index.html
http://www.gsmserver.com/software/gsm_products.php

Links to articles on wiping iPhone and Blackberry:

http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/
http://www.bbgeeks.com/blackberry-guides/guide-to-wiping-your-blackberry-88202

Mike Poor, H.O.D.

Intelguardians, Inc

 

 

Keywords:
0 comment(s)
Diary Archives