Automating iPhone remote wipe

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A406 Safari/7534.48.3)

Have someone designated to remote wipe the phones sat in a safe house monitoring who gets caught.

 

Find my iPhone does this already. You log into iCloud, select the Find My iPhone option, and can locate, lock or wipe your phone remotely.

It's also possible to set the iPhone up to wipe itself after 10 failed lock code entries.

 

Sometimes the best tools don't need to be re-invented.

Are you saying that it'll be any easier for them to say "sure Officer Oppressor Sir, before you drag me away, let me go borrow someone else's cell phone and send a surreptitious text or push notification to my mobile that you're confiscating to wipe any useful information you might glean from it."? DOn't you think that might be the least bit suspicious?

Actually, that might be the best thing to do. Or set a complex lock code and have the authorities try and play with that for a while, hoping they get it right in 10 tries or lose all the data on the dvice.

No.

 

Just a thought, why not password protect it, and set it to wipe after 10 incorrect tries?

 

What might the authorities do to the poor victim if they found out he has wiped the phone??

 

Sooooo would that not indicate then that the user could just wipe the phone directly, since they have access to it? It's four taps from the home screen to wiping the iPhone.

Perhaps this isn't being explained well enough, but it seems like what you're proposing is that a political prisoner-to-be access some remote location and initiate a commend to do the wipe. However, iCloud was shot down... so how is any other remote service going to be any easier to access?

And having momentary but direct access to your iPhone, as suggested in another scenario, would completely obviate the need for anything remote since you can do the wipe right from the phone.

In any case, Apple doesn't just give any app or predetermined SMS carte blanche to wipe the filesystem for security reasons (you don't, for instance, want Idarat al-Amn al-Amm to discover this API, and wantonly issue commands to wipe all iPhones of suspected protestors in Syria).

The one non-Apple system that WOULD have remote wipe access would be an MS Exchange server, but security keys would have to be exchanged in advance, and would also imply that you have control of other aspects of the phone as well (configuration, restrictions to do things like install/uninstall apps, etc.). Outside of iCloud or MS Exchange, you'd have to jailbreak.

Oh, one other wrinkle for anyone with an iPhone in a politically sensitive situation: starting with the iPhone 3GS and iOS 3.0.x, "wiping" the iPhone doesn't actually wipe the data from the device. It used to on previous models, but a full wipe would take forever (up to an hour on a 32GB model). What's done now is that the the file system is hardware encrypted, and a "wipe" consists of destroying the encryption key used to unlock the filesystem. The idea is: no security key, no access to the encrypted data. A new key and filesystem are created as part of the reset, and the old filesystem is slowly overwritten with use.

The problem here is, you obviously have to hope that no weaknesses exist in the hardware encryption scheme. If a loophole ends up being discovered, it could be possible to decrypt the filesystem and access your data. So far no such security compromises have been discovered. But that's no guarantee it will in the future.