Securely Erasing Your iPhone or iPad with a Power Drill(theintercept.com)
theintercept.com
Securely Erasing Your iPhone or iPad with a Power Drill
https://theintercept.com/2021/06/12/iphone-ipad-erase-power-drill/
30 comments
Plenty people would absolutely grab a folded-in-half iPad out of the trash. Scavenging parts for one (eg, a flash chip...).
The drilling in this case is to destroy data, not to stop someone investigating.
There can be great legitimate reasons to wish to do so, for example, a lawyer, journalist or doctor wishing to preserve innocent persons privacy. The reason doesn't have to always be nefarious as you maybe are imagining it to be.
The drilling in this case is to destroy data, not to stop someone investigating.
There can be great legitimate reasons to wish to do so, for example, a lawyer, journalist or doctor wishing to preserve innocent persons privacy. The reason doesn't have to always be nefarious as you maybe are imagining it to be.
Not environmentally friendly. Should send all your old devices to be recycled. Plus you might start a fire [1] in the garbage truck ;s
[1] https://news.ycombinator.com/item?id=35772099
[1] https://news.ycombinator.com/item?id=35772099
Picking through landfills for data sounds gross to you, but people do it. Find the keys to a crypto wallet, and you've won the lottery. Folding your iDevice in half won't remotely cover it.
Do we have any evidence or any stories of this actually ever happening? It’s among the most far fetched yet oft-repeated hypotheticals I hear these days.
Think of how rare it would be to find a working thumb drive or ssd in a landfill, amidst the mountains of literally everything else. Then think of the intersecting scenario of someone being foolish enough to store keys on a device they later throw out, while also leaving that wallet active elsewhere. I’m sure in a landfill somewhere such a treasure exists, I just don’t think anyone’s ever, ever finding it.
Think of how rare it would be to find a working thumb drive or ssd in a landfill, amidst the mountains of literally everything else. Then think of the intersecting scenario of someone being foolish enough to store keys on a device they later throw out, while also leaving that wallet active elsewhere. I’m sure in a landfill somewhere such a treasure exists, I just don’t think anyone’s ever, ever finding it.
> it's folded in half, obviously ruined, and covered in gross food waste anyway.
And still has your data on it. Last night's lasagna won't stop Mulder and Scully from taking it back to the lab, and in any year past 2010 it's fairly easy to extract the data from undamaged flash storage.
The "point" is that zeroing out these devices is hard, and recovering their data is comparatively simple. If you want to thwart the law, you'd better be ready to make some precision modification to your hardware.
And still has your data on it. Last night's lasagna won't stop Mulder and Scully from taking it back to the lab, and in any year past 2010 it's fairly easy to extract the data from undamaged flash storage.
The "point" is that zeroing out these devices is hard, and recovering their data is comparatively simple. If you want to thwart the law, you'd better be ready to make some precision modification to your hardware.
> If you want to thwart the law
Or, if you want to comply cheaply with the law, when data you may possess on an unresponsive device could be subject to data handling and disposal laws.
Or, if you want to comply cheaply with the law, when data you may possess on an unresponsive device could be subject to data handling and disposal laws.
This is not a legally-sound solution for secure data destruction of patient or client data, and could result in financial penalties and/or jail time, depending on how severe the violation. (I am not your lawyer, this is not legal advice.)
This. If you are a "person of interest" you can not escape, if you are not... why bother beyond protecting yourself from petty criminals?
If I don't want to generate a lot of mess, broken glass and heavy metal residue, does anyone have a recommendation for an affordable service to securely shred old devices in a trusted and transparent way?
Commercially I've used some of the bigger services, but at home I have a growing collection of old phones and hard-drives which are too broken to easily recover, and so need destructive erasure.
I don't really trust the "just drop it off with some big corp" approach, and would rather somewhere that is more transparent.
Basically looking for the Iron Mountain "we shred it in front of you" type deal, but for non-big companies.
Commercially I've used some of the bigger services, but at home I have a growing collection of old phones and hard-drives which are too broken to easily recover, and so need destructive erasure.
I don't really trust the "just drop it off with some big corp" approach, and would rather somewhere that is more transparent.
Basically looking for the Iron Mountain "we shred it in front of you" type deal, but for non-big companies.
I have a friend who used to have a medical practice, and have destroyed a number of old phones and voice recorders for him in this or similar fashion, because he takes patient confidentiality very seriously. Also hard drives; their destruction wasn't quite so complete, but still probably beyond anyone but a nation-state adversary, and I don't think he has those (US state, sure, but that's another story).
I'm curious what evidence you provided, or were certified to provide, or even if that's required for medical data.
Coming from the financial field we often had staff want to do fun and destructive things with data storage as part of decom, but regulators (eg. SEC) and auditors (eg. for SOC, PCI, etc) always want evidence and a custody trail.
In practice that means a certified vendor who'll maintain a good paper trail and provide back a certificate of destruction that means some NIST or similar type standard. Less fun, more paperwork, but less likely to cause trouble.
And it doesn't mean their destruction is any better either, just that the associated red tape is.
Coming from the financial field we often had staff want to do fun and destructive things with data storage as part of decom, but regulators (eg. SEC) and auditors (eg. for SOC, PCI, etc) always want evidence and a custody trail.
In practice that means a certified vendor who'll maintain a good paper trail and provide back a certificate of destruction that means some NIST or similar type standard. Less fun, more paperwork, but less likely to cause trouble.
And it doesn't mean their destruction is any better either, just that the associated red tape is.
No documentation or particular methods required. I think that https://www.hhs.gov/sites/default/files/disposalfaqs.pdf is equivalent to the guidance at the time, and it just requires ‘reasonable safeguards’.
> For PHI on electronic media, clearing (using software or hardware products to overwrite media with non-sensitive data), purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains), or destroying the media (disintegration, pulverization, melting, incinerating, or shredding).
> For PHI on electronic media, clearing (using software or hardware products to overwrite media with non-sensitive data), purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains), or destroying the media (disintegration, pulverization, melting, incinerating, or shredding).
If you can destroy the storage encryption key by wiping the Secure Enclave (like during a reset) then unless AES is broken then your data should be safe.
Edit: I’d love to hear about crazy flaws in this.
Edit: I’d love to hear about crazy flaws in this.
On some level, you're right. Anything that isn't a zeroed out drive still contains data on it, though. If, say, Apple kept a copy of your drive key or had a backdoored derivation function, recovering your data would be as simple as a call to Cupertino. Failing that, the adversarial Powers That Be can easily generate a disk image to keep around for when AES is broken (or when it's possible to quickly bruteforce it).
This is for people who want to go a step beyond that. The next-best-thing to shredding the disk, you might say.
This is for people who want to go a step beyond that. The next-best-thing to shredding the disk, you might say.
This is fine, and is far less annoying to do. There are no known flaws in that approach, when it’s available. However, as noted in the article, their focus here is exclusively on destroying data when the device is unresponsive and cannot invoke a secure enclave wipe through software means.
[deleted]
Y ya
Si ya
Todos
Take out the battery and microwave it, shredders also work on small boards even cheap shredders just beware of the dust.
Thermite works better. It's also easy to make and fun to use. Just be slightly more careful than the typical YouTuber.
Thermite carries a much higher risk of damage via inhalation, exposure, and both primary and secondary combustion. While it may result in what seems to be more conclusive destruction of the chip, I hesitate to recommend its use over a simple power drill.
there are shredding services that can handle devices like phones, are there not?
Or the bench vise in your garage could crumple it up pretty well. Of course then you have to dispose of the wreckage.
Or the bench vise in your garage could crumple it up pretty well. Of course then you have to dispose of the wreckage.
A bench vise might not necessarily destroy the chip at all, unless care is taken to crush the chip itself from edge to edge somehow, or to flatten the chip itself to the point of small fragments — having separated it out from the rest of the phone, at which point drilling is easier.
Seems like an awful lot of work when you could just bash it with a sledge hammer.
I guess in this case you avoid concerns about lighting the battery on fire. But that would probably help with the data erasure too :)
I guess in this case you avoid concerns about lighting the battery on fire. But that would probably help with the data erasure too :)
> in this case you avoid concerns about lighting the battery on fire.
You can also do that by visiting iFixit to learn you were the battery is.
I also would drill from the back. That way, you don’t have to take off the screen first (if you fear drilling too far, put duct tape on the front of the screen first, to decrease the number of glass fragments that would be created)
You can also do that by visiting iFixit to learn you were the battery is.
I also would drill from the back. That way, you don’t have to take off the screen first (if you fear drilling too far, put duct tape on the front of the screen first, to decrease the number of glass fragments that would be created)
By having a targeted drill bit insertion only on the memory chip, you're reducing the amount of unusable e-waste. Everything else about the iPad can be recycled into other broken iPads, including the metal back. The main board remains a potential donor board for specific chips that could be replaced.
Bashing an intact device with a sledgehammer does not materially increase the odds of data destruction occurring, as the relevant chips are protected against sharp shocks and blunt force trauma.
The scenario in which this fails is the FBI/etc are already watching you specifically very carefully and are going through your trash carefully. But if this is the case... good luck man. I don't think any amount of drilling will get them to give up and leave you alone.