Re: [Fed-Talk] Security wipe: good & bad news
Re: [Fed-Talk] Security wipe: good & bad news
- Subject: Re: [Fed-Talk] Security wipe: good & bad news
- From: Jeffrey Walton <email@hidden>
- Date: Sun, 19 Aug 2012 16:27:26 -0400
Hi Brian,
> I was initially under the impression that Remote Wipe
> REQUIRED Filevault 2 to be enabled. Now I'm not so
> sure. If Mat Honan did NOT have Filevault 2 enabled,
> that makes me feel a little better about its security.
It depends on the hardware and iOS version available. Earlier version
of Remote Wipe overwrote data; later versions encrypt everything on
the DMA data path (regardless of a passcode) and wipe the block(s)
with the Keybag keys.
If you have iOS 4 (or above) and an more recent processor (A2 or A3?),
you fall into the "later" group.
Some more reading is available at
http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf.
As a non-Enterprise user, he also likely needed an iCloud account,
similar to the "Find My Phone" entanglements. I found iCloud terms of
service to be so obscene that I want ednothing to do with the it.
Jeff
On Sun, Aug 19, 2012 at 3:30 PM, Brian Reese <email@hidden> wrote:
> This article gives some more details on Remote Wipe:
>
> http://www.macobserver.com/tmo/article/how_to_wipe_a_mac_remotely_with_icloud_and_get_the_data_back/
>
> I was initially under the impression that Remote Wipe REQUIRED Filevault 2 to be enabled. Now I'm not so sure. If Mat Honan did NOT have Filevault 2 enabled, that makes me feel a little better about its security. It sounds like Remote Wipe just starts zeroing out data if Filevault is not used, so if you can interrupt that process, its possible to recover the data like he did. It also explains why 25% of the data was zeroed out and the file system table was absent (recovered files had lost file names and other metadata).
>
> If Filevault 2 is enabled, my hope is that is that it first deletes the encryption key for the drive, like it does with the iPhone 3GS and later, making the data truly lost unless the key was saved somewhere else.
>
> On Aug 19, 2012, at 2:48 PM, David Poteet <email@hidden> wrote:
>
>> this is someone who hadn't done backups in a long time... is this also someone who would encrypt his hard drive?
>>
>> and he did not have any hard copies of his passwords, something I keep in a safe deposit.
>>
>>
>> On Aug 19, 2012, at 2:37 PM, "Pike, Michael (IHS/HQ)" <email@hidden> wrote:
>>
>>> Here is my question...
>>>
>>> Was his drive encrypted with FileVault? If it was and a Joe Schmoe company off the street can recover it, it makes me sincerely doubt iOS and apple security.
>>>
>>> Even further the fact a story said the NSA couldn't crack the data on a wiped iOS device tells me that NSA lied especially if Bob's data recovery company did it in a week.
>>>
>>> Mike
>>>
>>> Sent via my iOS 6 Device
>>>
>>> On Aug 19, 2012, at 11:06 AM, "Todd Heberlein" <email@hidden<mailto:email@hidden>> wrote:
>>>
>>> A follow-up on the story about Mat Honan having his iPhone, iPad, and MacBook Air wiped. It turns out he *was* able to recover much of his data. Great news for him, but bad news for security.
>>>
>>> Mat Honan: How I Resurrected My Digital Life After an Epic Hacking
>>> http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/
>>>
>>> My data came back to me on an external hard drive, organized by file types. The thing I cared most about, above all else, was my photo library. And there, in a folder full of JPGs, was photo after photo after photo that I had feared were gone forever. Subfolders were organized by the year, month and day files were created. I went immediately to the folder that bore the date my daughter was born. They were there. Everything was there. We were floored. I nearly cried.
>>>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden