Question Regarding Encryption And File Recovery

[homeimsecure]

Hi all,

First of all I'd like to say I do not have a tech background so I apologize if there's something obvious I don't understand.

I recently broke my jailbroken iPhone 6+ and am preparing to send it back in to be replaced by the insurer. I can not do anything on the phone, but it does turn on and I've been able to restore it back to factory settings, unjailbreaking it and updating it to whatever the most recent firmware is.

My concern is that I am paranoid and do not want any data (including files that were previously deleted) recoverable by anyone. I do not know if insurance companies fix these and then resell them or what, but I want to make sure nothing is recoverable.

It is my understanding that iPhone data is encrypted, and when the iPhone is restored, the encryption key is destroyed and even if the data were recovered, it would be unreadable because it would be unable to be decrypted. Is this correct? Does this include deleted files (pictures, documents messages?)

I have tried overwriting all the free space but it is difficult because the phone is unusable and my computer only allows me to sync directly after a restore. I can usually fill 70 of the 128gb up before my computer freezes and I have to restore again and start over.

Anyway I was just wondering if I should have any concerns about anything being able to be recovered, even if I'm unable to overwrite all of the free space.

Thank you so much for your time!

 

[bbrks]

Restore and setup as new and no syncing with iTunes. That's all you need to do.

 

[homeimsecure]

So it is correct that nothing at all can be recovered after restore?

I can't do anything at all on the phone, if I just restore and unplug it, will it be fine?

Thank you for your help.

 

[bbrks]

What I told you above is all done through iTunes, so yes, you will be fine....

 

[homeimsecure]

Sorry to ask, but is it correct that it is because of the encryption? Were deleted files also encrypted?

 

[homeimsecure]

I know the encryption key is wiped when using 'Erase all content and settings' but is this also the case when restoring through iTunes?

 

[rigormortis]

when you erase the iPhone , its 256 bit key is erased from a part of the iPhone called ' effaceable storage ' . this is part of the iPhone's memory that apple believes cannot be retrieved, unlike other type of flash memory. your data is left behind and because there is no longer a key, it is unreadable.

before the iPhone 3gs, the old iPhones were like android phones today, you had to keep them plugged in for 2 hours to be erased. and because of flash memory, it still was possible to retrieve data off the phone, because erasing flash memory isnt the same as erasing magnetic memory

there has been numerous tests where erased android phones were purchased from eBay, and the previous owner's data was retrievable.

android users are warned to write something to erase their phones, write junk data to their phone and then erase it again.

none of this is anything you have to worry about, because the iPhone has AES-256 hardware encryption but into their CPU

when you setup a new phone or restore a new phone , a new key is generated. this key is not stored in itunes. itunes has nothing to do with the internal encryption of the iPhone

the one thing , and your probably not going to like it is jailbreaking. once you jailbreak your phone, your key could of been read and stored elsewhere.

thats one of the things that can happen. once you jailbreak your phone and store the key somewhere else. you can retrieve data off the iPhone , even if it is erased.

the jailbreak could of copied the key in the main memory

 

[homeimsecure]

Thank you, this was very interesting and informative.

I assume even if the old key is still there because of the jailbreaking (curious how likely this is) how it could be used to decrypt old files? I mean, the old files themselves are still encrypted right, and if there is now no passcode on the phone, how can that key ever be used? If I've interpreted Apple's security white paper correctly, decryption must be done on the device itself so I'm not sure how this would work.

I assume even if it were possible it'd require special forensic software that whoever ends up with my phone, or even my carrier themselves don't have access to. At this point I think it's safe to assume my data is likely safe, but this has gotten really interesting to me. Kudos to Apple for their fantastic security and thanks again for your response.

 

[thisisnotmyname]

If you are seriously worried about any content on the phone physically destroy it. If there is a real concern the $1000 or so (typically less) to buy a new replacement would be nothing compared to the financial or emotional fallout.

With a typical iPhone on iOS 8+ I would not worry a bit about resetting and passing off the device and I'm typically quite security conscious. However, given the jailbreak - although unlikely that anything has happened to compromise you in this scenario - by definition you have bypassed Apple's protections and all bets are off. Refer back to my original statement and decide whether you feel you are risking more than $1000 by not replacing the device.