Full Device Encryption (Windows Mobile) - General Topics

Hello folks,
Does anyone know of a way to encrypt an entire Windows Mobile device? I know we have the ability to encrypt the SD card in WinMo 6.1, but is there a way to encrypt the entire device? In case the device is stolen, it would be great if everything was inaccessible. I believe the company PGP has something like this for the BlackBerry RIM platform as a commercial platform. A solution like TrueCrypt for Windows Mobile would be great (http://en.wikipedia.org/wiki/TrueCrypt).
I know there is a remote 'self destruct' function if your phone is on a corporate Exchange server, but that function only works if your stolen phone has network access. A semi-smart thief would not permit network access of any kind once they 'acquire' the device from you.
Does anyone have any ideas? Thanks!

You can use the device lock policy and push it via Exchange; you can set the device to wipe after x incorrect PIN entries. They can't access the SD card (because it's encrypted) or main memory (because the device is locked).
In terms of bricking the device, I think HP's iPAQs had a PIN tool that survived a hard reset, and some ROM chefs have offered to cook in Sprite Terminator which will also then survive a hard reset, but nothing can stop people from going into bootloader and reflashing to unbrick the device.

Try googling DOJOCRYPT..

Try Utimaco SafeGuard.
They even offer a trial version. However, be careful because you cannot uninstall it (only with hard reset).

Related

[Q] There's GOT to be a more secure setup... right??

Spent most of today trying to figure out how to secure my data on TP2 with SD card. Here are my thoughts and conclusions:
I can implement Windows encryption on the SD card... but that becomes a huge obstacle to flashing / hard-resets (encryption key cannot be exported and card becomes unreadable after hard-reset).
I can buy some encryption software, but my impression is that the few I have found are either way expensive or only encrypt SD card (and it seems there is no reliable option for changing the location of Outlook data storage - other than e-mail attachments - to the SD card).
But even if I find encryption software, what is to prevent someone from taking my phone and using WMDC to create a partnership and synch the contents from the phone to their desktop?
And then there is the locking of my phone: setting the phone to require a password upon startup is tolerable, but it gets old pretty fast when I have to type the password each time the phone has been inactive for 7 minutes, so I'm looking at pattern locking software (throttlelock) instead. (i.e. I require security upon startup and after 7 minutes of inactivity).
Anyone figured out how to address all these issues? Any other possible breaches in security I have not mentioned?
With Regards-
Sam
HTC TP2, T-Mobile 6.5 ROM, Vista Ultimate 64
The other problem with encryption is corruption (although not very common, it does happen). Try taking a look at this list, and you might also want to try this, which is a free alternative. Hope this helps and best of luck!
Thanks -
Anyone else have any thoughts on this?

[Q] Nexus S Stock ICS "Encrypt Phone" details?

Hi all,
So I've got a new Nexus S, and I'm running the stock 4.0.3 from Google. This phone hasn't yet been rooted or had the bootloader unlocked.
I'm a big security fan, and I've read about how tools exist that can simply slurp all the data off a phone without even breaking a sweat, and I'd like to be able to defeat such abilities. Ideally, I'd even like to be able to have su access to a device as the authorized user and owner (This is a Wind Mobile Canada phone, the carrier has no stake in it at all). I remember hacking away at my T-Mobile G1, and being a little concerned that merely pressing a button to get into the recovery at boot-time would enable full access to everything on the device for a knowledgeable attacker.
So I see under "Settings - Security" there's an "Encrypt Phone" option. Google has documentation here for the Galaxy Nexus, but it lacks specifics.
Can anyone here provide or point me to proper details? What is encrypted, how is it encrypted, how strong is the encryption, how much impact does this have on performance and battery life?
*edit - I just found this. If I'm reading this right, this is FDE on the /data partition, which is very good. Still doesn't do anything for the sdcard/usb partition though.
Have you tried it? On my Nexus S 4G (which is, I grant you, slightly different) it DOES encrypt the sdcard as well. I'm interested in others' experiences with FDE. Particularly weaknesses and developing procedures for restoring/flashing after enabling FDE.
Hi,
As part of setting up a work email account, I had to encrypt my Nexus S including the SD card. Unfortunately, that meant that I could not access the SD card to transfer music, photos...or most importantly, new ROMs to flash. I did a factory reset, which seemed to be the only option to get rid of it.
I have now gone back to Gingerbread as it does not have full encryption as an option (so allows me to keep my work Exchange account with just a PIN password). But I am keen to try ICS again.
Does anyone have any solution for accessing the SD card on an encrypted phone?
Cheers
What would be really interesting is if there is a way to password protect the bootloader. Does anyone know?
Best regards,
SuperMaz

[Q] Broke the glass on my screen, now I have to give my phone to a technician...

Don't worry, it's a security question alright.
I live in Eastern Europe, which is on the far side of the Samsung support network, and I have a Samsung Galaxy S3 phone (GT-9300 I guess). My repair options look a little bit bleak. I must either ship it back to France, from where it is bought, or I must seek the help of non-licensed technicians. Thank God, there are quite a lot around here and for problems like this they do wonders.
I am worried though that the technicians may try to meddle with the software of my phone and do something nasty with it while the phone is in their possession. I use the phone quite a lot to access various servers through SSH and the servers contain semi-sensitive information about customers, phones, the equivalents of social security numbers in my country, etc. Of course I will delete my present information, but how about the future? If someone has hacked versions of the firmware, it will be a child's game to get the passwords for my servers.
So I need to secure the software of my phone somehow and I'm not sure of my options, so I'm asking for advice on which is better. I have experience with Linux, but about Android I'm quite a noob. I had my Amazon FireHD Tablet rooted and installed with CyanogenMOD, so I know a little bit about ROM images. The phone itself is unrooted with original software and is not locked to a carrier.
Should I:
1. Try to back up my entire ROM image?
There are various questions here. It looks like I cannot download a standalone original ROM image directly from Samsung, so I must back up mine. But in the bootloader (which opens with volume up/down + home + power) it seems that there are no options for backing up the ROM image, only for restoring through ADB or SD card. Should I try to root, install an alternative bootloader and then back up everything?
There is one very important sub-question here: Will the phone signal me somehow if someone replaces the original bootloader with, say, a non-signed one? What if someone changes the bootloader as well as the system image?
2. Should I try to encrypt my phone?
I cannot easily get information about what exactly is encrypted. Pretty sure that the bootloader itself cannot be encrypted anyway. How about the system image? Is it encrypted?
I'll be thankful for any help about these two ideas as well as any others.
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiosity, what version of Android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card, then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies who are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3s. Unfortunately Samsung is known for running their own encryption schemes which are different and most often weaker than the stock. Custom ROMs will generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
Thank you for the informative answer!
I had to do this once and what I did was:
- Root phone (which I always wanted to do)
- Perform a full backup to SD card
- Remove SD card and perform a factory reset of the phone
Then off to repairs.
Once back, I did a factory reset again (just in case) and then restored the lot.
Seems a lot to do, but I have some sensitive data on it and didn't want to risk it too much. Besides, during the restore I took the opportunity to upgrade to 4.3 (at the time).
glass
Why don't you buy a Chinese glass and change it yourself? It's so easy and cheap, around 10 euros or so. I did the same for my old phone.

[Completed] Solution to "MDM does not allow factoryReset..." on android devices

Okay so here is a little back story. I work in an IT department and my company loves anything VMWare produces so they use Airwatch for work emails on mobile devices. Airwatch has its own MDM and provides security for the device in case it ever gets stolen which is awesome, but I had a specific case where the customer had the awesome idea to turn off his wifi internally (can't use airwatch console to remote wipe), and forgot his encryption password and I was like great... So I tried factory resetting it and lo and behold I get the infamous message "MDM does not allow factoryReset"... This is obviously a part of Airwatch's MDM control so someone can't just factory reset a device and claim it as theirs. I know a lot of people recommend Odin and just flash it with another ROM version, but that isn't "company standard" so it's not very advised to do that. So I put my superior IT knowledge to the test and implemented a grand strategy to fix this.
Alright so for everyone who has this problem you are going to want to follow these steps...
1. Set a password for the device
2. Make sure the device has 80% charge or more
3. Settings -> Security -> Encrypt Device
Now once you have encrypted your device and it has gone all the way through, reboot the device and now on bootup it should ask you for a password to get into your device to see encrypted data. Get this password wrong 15 times (can vary from device) and it will wipe the device clean of any data and it will reboot, then come up as if you're registering a new device from factory reset. I know this solution is a bit caveman status, but it works. Hope this helps!
This is not the place for this post.
Thread closed.
Please post in your device forums.

Some Security questions

Hello guys, I have a few questions that I would like to ask.
My boss is considering the S8 as his new phone and he needs to know about device security.
1. If you encrypt the device, how tough is it for police to open it?
No criminal activity done but police is part of the fight between companies. And it is the cheapest fighting method.
2. Is it possible to wire the phone without hardware mod?
Like for example using some sort of wireless method or wireless activation of cam or microphone?
3. If I turn on wipe device after 10 bad password attempts, is it wiped completely without any possible way of recovery?
There will be no SD card used. Only internal memory.
4. What is safer, S8 or iPhone 7 Plus?
5. Can there be software sent and installed to phone without user interaction?
Thank you so much for your answers.
It's impossible to directly crack the phone's encryption if you use a secure password. The SD card can be securely encrypted as well. Biometric unlocking is less secure, if you set that up (though if you shut the phone down, only the password will unlock it). There is an option to have the phone wiped after multiple failed password entries, but that gives no extra protection from serious attackers who can copy the phone's storage and work from the copy rather than the original. So you need a secure, unguessable password.
Courts may be able to compel you to unlock your phone (or jail you until you comply). Different jurisdictions have different (and changing) rules on the matter.
All phones are designed with strong measures against installing malware. And the S8's Secure Folders feature adds another layer of safety. Nonetheless, vulnerabilities are discovered all the time. They're patched by monthly security updates, but new ones still pop up. So it's impossible to guarantee the absence of malware (including malware that uses the microphone). Empirically, however, it appears to be quite rare for a modern phone, with up-to-date patches and other best security practices, to be seriously compromised.
But of course your boss will need to do their own research and verify all these claims from reliable sources, not from unknown people on an internet forum.
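
The point made in the answer above and in the earlier Galaxy S3 reply (a short PIN is easy to break, and a failed-attempt wipe does not apply to a copy of the storage) can be put into numbers. The following is an added example, not code from any post in the thread; the KDF choice (PBKDF2-HMAC-SHA1), its iteration count and the listed unlock-secret policies are assumptions made for illustration.

```python
import hashlib
import math
import os
import time

# Assumption for illustration only: the thread does not say which KDF or
# iteration count any of these phones use.
ASSUMED_PBKDF2_ITERATIONS = 2000

# Constructed unlock-secret policies: (alphabet size, length), chosen uniformly.
POLICIES = {
    "4-digit PIN": (10, 4),
    "8-digit PIN": (10, 8),
    "8 random lowercase letters": (26, 8),
    "12 random printable ASCII chars": (95, 12),
    "6 random words from a 7776-word list": (7776, 6),
}

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a secret drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def measure_kdf_rate(iterations: int = ASSUMED_PBKDF2_ITERATIONS, samples: int = 20) -> float:
    """KDF evaluations per second on one core of this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha1", str(i).encode(), salt, iterations, 32)
    return samples / (time.perf_counter() - start)

def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate; no wipe counter limits a copy."""
    return 2.0 ** bits / guesses_per_second

def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

def report(guesses_per_second: float) -> list:
    """(policy, bits, worst-case time) rows, weakest policy first."""
    rows = [(name, keyspace_bits(a, n)) for name, (a, n) in POLICIES.items()]
    rows.sort(key=lambda r: r[1])
    return [(name, round(bits, 1), human(seconds_to_exhaust(bits, guesses_per_second)))
            for name, bits in rows]

if __name__ == "__main__":
    rate = measure_kdf_rate()
    print(f"measured {rate:.0f} KDF evaluations/s on one core")
    for name, bits, worst in report(rate):
        print(f"{name:38s} {bits:5.1f} bits  {worst}")
```

The figures only hold for secrets chosen at random; a human-chosen PIN or common passphrase has less entropy than its length suggests.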
