Do we need to worry about leaking of personal info if we sell our iOS devices later?

Discussion in 'iPhone' started by hajime, Mar 10, 2018.

  1. hajime macrumors 603

    Joined:
    Jul 23, 2007
    #1
    Hello, iPhone and iPad register the fingerprint, 1password, cloud storage, etc. I know that iOS has a function to erase all these data for those who are selling or returning their devices. Can the bad guys still retrieve those information?
     
  2. ApfelKuchen macrumors 68030

    Joined:
    Aug 28, 2012
    Location:
    Between the coasts
    #2
    The data on your iOS devices is encrypted. When you Erase All Content and Settings, the encryption key is erased, leaving no easy way to decrypt the data left on the device. For all practical purposes, your data has been "erased."

    But when you ask "can the bad guys still retrieve those information..." there are no guarantees. If the "bad guys" have plenty of money and plenty of time, there may be a way to get your info - there are companies that charge huge sums for just such services.

    Basically, if you're an average person, nobody is going to spend that kind of money or effort to crack into your former iPhone. I have to assume you are an "average person," because anyone whose information is valuable enough to make the effort profitable already have security departments to ensure that the information is properly protected. Those security departments will likely require the device be incinerated or turned to powder. They certainly would not allow that device to be traded in or given to someone else.
     
  3. hajime thread starter macrumors 603

    Joined:
    Jul 23, 2007
    #3
    Thanks. I am a bit concerned about having the thumb info stored in the device. Can I use my toe to lock/unlock an iOS device?
     
  4. DeltaMac macrumors G3

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #4
    You don't have to use your thumb at all.
    You can store up to 10 individual fingerprints in touchID.
    You don't even have to use fingers.
    I have one "finger" registered to my nose. It works every time that I try it. Looks (and feels) a bit odd, but it works.
    If my nose works, a toe could certainly be used to unlock your device.
    I think my nose would be more practical in most situations, rather than a toe -- but sure, use your toe. I think that will be challenging to get a good, usable print - but I have never tried that.
     
  5. chscag macrumors 68040

    chscag

    Joined:
    Feb 17, 2008
    Location:
    Fort Worth, Texas
    #5
    If the FBI had to use a special Israeli company to crack the San Bernardino terrosist couple's 5c pass id, I think your iOS devices should be secure enough if you wipe them before selling. :rolleyes:
     
  6. eyoungren macrumors Core

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    ten-zero-eleven-zero-zero by zero-two
    #6
    It's called 'Secure Enclave'.

    From Apple:

     
  7. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #7
    First and foremost, make sure you have a very secure Apple ID password. That means, using an obscure passphrase that doesn't make any sense, can't be easily known about you, and one that you can remember. If you haven't done so already, turn on Two Factor Authentication for your account. The advice applies to your 1Password account, and any other Apple Store apps that contain personal information.

    If the aforementioned has already been done, make sure that your iOS device has a strong passcode. I suggest (at a minimum, a 6 digit passcode. I use a 12 digit code. Other people go even further and employ a long passphrase. If you are married, the only other person that needs to know your passcode is your wife.

    Lastly, follow the advice of the seasoned members here, and you will be fine, in regards to passing your phone on, once it has been properly erased and you have signed the device out of iCloud.
     
  8. tonybarnaby macrumors 65816

    Joined:
    Dec 3, 2017
    #8
    Yikes..
     
  9. joeblow7777 macrumors 603

    Joined:
    Sep 7, 2010
    #9
    Log out of icloud. Erase/reset phone. You’re good to do.
     
  10. Five_Oh macrumors regular

    Five_Oh

    Joined:
    Jan 7, 2017
    Location:
    Flyover Country, USA
    #10
    Your toe? Why even use Touch ID then? It's supposed to be a way to have good security on your phone, but still convenience for daily use. I can't image using your toe print accomplishes this.
     
  11. Relentless Power macrumors Penryn

    Relentless Power

    Joined:
    Jul 12, 2016
    #11
    I also think that seems a bit odd, if somebody was really concerned about their security other then touch ID, alpha-numeric encyption would be the other suggested method.
     
  12. Newtons Apple macrumors Core

    Newtons Apple

    Joined:
    Mar 12, 2014
    Location:
    Jacksonville, Florida
    #12
    I suspect you and the OP come from different backgrounds.
     
  13. Five_Oh macrumors regular

    Five_Oh

    Joined:
    Jan 7, 2017
    Location:
    Flyover Country, USA
    #13
    Possibly. I still don't see how using a toe would be more convenient than a passcode.
     
  14. Glideslope macrumors 603

    Glideslope

    Joined:
    Dec 7, 2007
    Location:
    A quiet place in NY.
    #14
    Alpha-Numeric should always be ones choice. :apple:
     
  15. DeltaMac macrumors G3

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #15
    If it is quite cold outside, and you don't want to remove your non-conducting gloves, then using a toe to unlock your phone would be a better choice. You wouldn't want your tender little fingertips out in the cold!:rolleyes::confused:
     
  16. maerz001 macrumors 65816

    maerz001

    Joined:
    Nov 2, 2010
    #16
    Well it would be easier to get your fingerprint elsewhere from what you touch.

    And if someone is so important that someone else cares, the person probably doesn't need the few bucks from selling old phones
     
  17. NoBoMac macrumors 68020

    NoBoMac

    Joined:
    Jul 1, 2014
    #17
    In addition to the info provided on Secure Enclave, if I recall correctly, your "fingerprint" is not really the fingerprint. Your fingerprint scan gets converted to a numerical representation in the Secure Enclave. So if it WERE possible to extract information from an erased phone, Bad Guy could not recreate/use the fingerprint outside of iOS ecosphere (and even then, doubt it is useful).

    As others have mentioned, erasing the iOS device causes the device to reencrypt the storage (ala full disk encryption). So, your old data was already encrypted with a now erased random key, and is now encrypted a second time with a whole new random key.

    On top of that, each individual file on the device is encrypted with their own unique key, and that key is encrypted with a different key, and then that encrypted value is encrypted with yet another key.

    Great read: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

    So many layers of security in place, that again as mentioned earlier, you need to be someone REALLY important and dealing with REALLY important information to invest the many $$$ and large amount of time to crack an erased iOS device.
     
  18. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #18
    Good post NBM. I had forgotten all about the fingerprint aspect you brought up.
     
  19. Relentless Power macrumors Penryn

    Relentless Power

    Joined:
    Jul 12, 2016
    #19
    I agree , but others won’t utilize alpha numeric as their primary sometimes because it’s too “Long of a password” or they simply “Can’t remember it.” Consumers want whats easiest and most convenient, which touch ID and Face ID are examples of seamless access, I would also say it depends how someone values their security and what method they choose.
     

Share This Page

18 March 10, 2018