Security concerns when replacing devices
The earth just moved a little on it’s yearly turn around the sun … the 3rd version of Apple’s iPad has arrived! ALLELUIA!! (Sorry, I forgot, it’s Lent … think: alleluia). 🙂
Someone in your family is going to run out and purchase this really hot item. They will then want to sell their old one on eBay or give it to a friend.
Whoa, not so fast … there is a very important consideration before doing that: You need to insure that the old device is wiped of personal information prior to allowing anyone else to have it. There has been plenty of discussion on this topic. Check out this article by PC Week.
For an iPhone (3GS or later) and any version of iPad, this is remarkably easy. It turns out that these devices are fully encrypted with 256 bit AES encryption (see the glossary for an explanation). All one needs to do is remove the key and the data is not accessible.
So, if you purchase a new iPad and want to wipe your old iPad, follow the following steps:
- If you haven’t already done this:
- Sync your old device to iTunes. This will insure that all your apps and data will be properly moved to the new device
- Setup and sync your new device. After this is done, I’d look through the new device to insure all is well before progressing to the next step.
- On your old device, do the following:
Press Settings->General->Reset, which brings you to this screen
Press “Erase All Content and Settings”
Confirm you really want to do it … then wait. It may take up to 2 hours, because besides removing the encryption key, it also writes a series of ones through all of memory to really blast the old data.
Finally, if on the AT&T network, remove the SIM card and return the empty SIM card tray to the device. BTW: The instructions show a SIM card removal tool. However, a regular sized paper clip will work just as well. Your SIM card may or may not have personal data on it.
What about other devices??? That turns out to be device specific. The other big smart phone market is Android. Here’s an article about preparing your Android phone for resale by the guys from the TV show Myth Busters. I don’t know if any Android or Windows phone makers also encrypt their phones, which would be the more secure method to insure your data isn’t retrievable. If you have more information, please comment.
One final thought: What about other devices on your network, like that network attached Wii or PlayStation? Though the data on them is less personal, they do have the credentials for your internal wireless network. For any device on your network that your plan to get rid of, reset the device to the factory settings.