Spent most of today trying to figure out how to secure my data on tp2 with SD card. Here's my thoughts and conclusions:
I can implement windows encryption on the SD card... but that becomes a huge obstacle to flashing / hard-resets (encryption key cannot be exported and card becomes unreadable after hard-reset).
I can buy some encryption software, but my impression is that the few I have found are either way expensive or only encrypt SD card (and it seems there is no reliable option for changing the location of Outlook data storage - other than e-mail attachments - to the SD card).
But even if I find encryption software, what is to prevent someone from taking my phone and using WMDC to create a partnership and synch the contents from the phone to their desktop?
And then there is the locking of my phone: setting the phone to require a password upon startup is tolerable, but it gets old pretty fast when I have to type the password each time the phone has been inactive for 7 minutes, so I'm looking at pattern locking software (throttlelock) instead. (i.e. I require security upon startup and after 7 minutes of inactivity).
Anyone figured out how to address all these issues? Any other possible breaches in security I have not mentioned?
With Regards-
Sam
HTC TP2, T-Mobile 6.5 ROM, Vista Ultimate 64
The other problem with encryption is corruption (although not very common it does happen) Try taking a look at this list and you might also want to try this which is a free alternative, hope this helps and best of luck!
Thanks -
Anyone else have any thoughts on this?
Related
Hi there
I am just finding my way around WM6 on my new Orbit 2. I haven't decided whether to use the file encryption feature yet. What I WOULD like to set up is the auto-wipe feature if you enter the wrong PIN number more than a specified number of times.
I gather from posts that the default number of times for wrong PIN entry is seven. I think this is too much and would like to change it to three wrong PIN entries. I figure that if the PDA gets lost/stolen then whoever has it might decide after a couple of PIN try-outs to remove the MicroSD card before the 'wipe' feature has kicked in. Also, I am presuming that everything gets wiped - internal data and storage card?
Does anyone know how I can change the setting? I get the impression that it's possible but can't see any user-setting on my Orbit, or any posts answering this question. If there is no way to change it does anyone have any recommendations for a third party utility that would do this?
Also, I am undecided about using the encryption feature - not sure of the implications for speed and backing up etc. Has anyone any thoughts about this? I wonder if it might be best to only turn it on AFTER you have installed programs etc... in other words, turn it on when I start to save my data and personal files.
As a 'related' question - does anyone have any thoughts or info about the security of your "Contacts" when running WM6? I have never fathomed out where exactly they are stored and how you can secure them if the device gets lost/stolen. I reckon that my Contacts data is actually one of the most valuable and private things I keep on my PDA and would hate the Contacts info falling into the wrong hands, with all my friends' phone numbers and addresses etc at potential risk
Many thanks to one and all for anything that might come my way as a result of this posting. Kiss kiss.
OrangeSpiv
Hi guys, im fairly new to the WM scene, but have finally customized my Xperia X1 to be just how I want it.
This brings me to this question about security.
At the moment what worries me, is if I lose my phone or someone steals it. They would have access to all my information, my contacts, my software, my emails, passwords and other such personal information that I would rather not give out. Obviously the safest solution would be to leave it in the house, but that's something none of us want to do!
Now I was thinking about encrypting the Internal memory and the memory card so that the files could not be hacked or looked at by prying eyes when connected to a computer for instance. But I couldn't seem to find any software which would do such a thing. I currently use TrueCrypt on my PC which stops nearly everything.
What I really want to do is the following:
1. Password the device.
2. Encrypt it, so that the files cannot be taken off or read.
3. Automatic password lock after 1 minute.
4. Stop files being accessed through a PC (by others of course but not myself).
5. Any other methods people could access the phone with a computer, flashing and such tools to get into them.
I know the memory card has encryption to stop anything other than the device reading the card. But this doesn't work on mine for some reason as I can plonk the card in a reader and get access to all my files in various computers I have tried.
I realize it will never be truly secure but let's be honest. The average thief wouldn't exactly know how to hack into a phone and access it's files.
Now im not fussed if say for instance it was stolen, the thief flashed the phone and used it for themselves. At the end of the day, they've got the phone, wether they are using it or not isn't going to make a difference, but making sure they can't access the files is a top priority.
One of the main programs I worry about is these "Wallet" programs that you can get. They are very handy for storing all your card details and such on, but are they truly safe? That is what I wonder.
Any replies would be really appreciated as I always worry about losing my phone at the moment due to it having no protection!
Are there any suggestions anyone can make to me?
Anyone got an opinons on this? I was hoping for a reply.
Hi vmrmic,
I know that Check Point has a encryption solution for Windows mobile since I work there
http://www.checkpoint.com/products/datasecurity/mobile/index.html
Check supported devices:
www.checkpoint.com/supportedhandhelds
X1 is not up there but it works fine. I have tried it. Officially supported in a couple of weeks
Note that this solution is intended for business and not a one by one installation
If you have more questions find the forum on checkpoint.com since I don't always check this forums.
Regards
Check out Throttle Lock http://www.throttlelauncher.com/portal/
Not every thing your asking for but a great solution
TB
Hello folks,
Does anyone know of a way to encrypt an entire Windows Mobile device? I know we have the ability to encrypt the SD card in WinMo 6.1, but is there a way to encrypt the entire device? In case the device is stolen, it would be great if everything was inaccessible. I believe the company PGP has something like this for the BlackBerry RIM platform as a commercial platform. A solution like TrueCrypt for Windows Mobile would be great (http://en.wikipedia.org/wiki/TrueCrypt).
I know there is a remote 'self destruct' function if your phone is on a corporate Exchange server, but that function only works if your stolen phone has network access. A semi-smart thief would not permit network access of any kind once they 'acquire' the device from you.
Does anyone have any ideas? Thanks!
You can use the device lock policy and push it via exchange, you can set the device to wipe after x incorrect PIN entered. They can't access the SD card (because it's encrypted) or main memory (because the device is locked).
In terms of bricking the device, I think HP's iPAQs had a PIN tool that survived a hard reset, and some ROM chefs have offered to cook in Sprite Terminator which will also then survive a hard reset, but nothing can stop people from going into bootloader and reflashing to unbrick the device.
Try googling DOJOCRYPT..
try Utimaco SafeGuard.
they even offer a trial version. however be careful because you cannot uninstall it (only with hard reset)
Hi all,
So I've got a new Nexus S, and I'm running the stock 4.0.3 from Google. This phone hasn't yet been rooted or had the bootloader unlocked.
I'm a big security fan, and I've read about how tools exist that can simply slurp all the data off a phone without even breaking a sweat, and I'd like to be able to defeat such abilities. Ideally, I'd even like to be able to have su access to a device as the authorized user and owner (This is a Wind Mobile Canada phone, the carrier has no stake in it at all). I remember hacking away at my T-Mobile G1, and being a little concerned that merely pressing a button to get into the recovery at boot-time would enable full access to everything on the device for a knowledgeable attacker.
So I see under "Settings - Security" there's an "Encrypt Phone" option. Google has documentation here for the Galaxy Nexus, but it lacks specifics.
Can anyone here provide or point me to proper details? What is encrypted, how is it encrypted, how strong is the encryption, how much impact does this have on performance and battery life?
*edit - I just found this. If I'm reading this right, this is FDE on the /data partition, which is very good. Still doesn't do anything for the sdcard/usb partition though.
Have you tried it? On my Nexus S 4g (which is, I grant you, slightly different) it DOES encrypt the sdcard as well. I'm interested in other's experiences with FDE. Particularly weaknesses and developing procedures for restoring/flashing after enabling FDE.
Hi,
As part of setting up a work email account, I had to encrypt my Nexus S including the SD card. Unfortunately, that meant that I could not access the SD card to transfer music, photos...or most importantly, new ROMs to flash. I did a factory reset, which seemed to be the only option to get rid of it.
I have now gone back to Gingerbread as it does not have full encryption as an option ( so allows me to keep my work exchange account with just a pin password) But I am keen to try ICS again.
Does anyone have any solution for accessing the SD card on an encrypted phone?
Cheers
What would be really interesting if there is a way to password protect the bootloader. Does anyone know?
Best regards,
SuperMaz
Hi!
First time post, but long time lurker here
Long background:
We have a bit of confusion here at work after the official relase of ICS for the HTC Sensation. We currently have a third party mail solution (DME) that is used to make sure all mail data is encrypted on the device in case of theft. Therefore the full device encryption in ICS has been very much on our "need to have list" to be able to enforce the Exchange policy of "require encrypted device" to make it possible to user ActiveSync instead of the painful DME solution....
So, on the Galaxy Nexus we have the option of "Encrypt phone" for full device encryption (not sure if this is the exact name in English as we have Swedish localization). After that it works fine to connect via ActiveSync to the Exchange server that has the policy of "require encrypted device" (and "require encrypted SD card too - as the Nexus does not have one)...
On the HTC Sensation however, we cannot find the option to "Encrypt the phone" (full device encryption), but only the option of "Encrypt SD card". The Exchange server does not allow the Sensation to sync if just the SD card is encrypted, and our security department will not allow it if the whole device is not encrypted...
So - the question:
Is it not possible to enable full device encryption in HTC:s implementation of ICS? Encrypting the SD card will not be good enough as the mail data is stored in the internal memory and not the SD card? Besides, the people here with Sensations are having problems accessing the data on the SC-card after encrypting it - but that's another question
Any ideas?
I found and posted the official not yet realeased Sensation ICS users guide:
http://forum.xda-developers.com/showthread.php?t=1546297&highlight=user+guide
It ha sa section on encryption, it might help
I have read that manual (its for HTC Sens. XE) and it says:
1. From the Home screen, press , and then tap Settings.
2. Tap Storage.
3. Tap Storage encryption to encrypt the phone storage or SD card encryption
--The option "Storage encryption" does not exist on the HTC Sensation.
So the question still remains unsolved. Is it possible to do a full device encryption on the HTC Sensation?
Any takers?
/Naper
There are two options for the ICS Sensation, you will need to enable both
Settings->Storage
Storage Encrytion = Encrypt applications and settings
SD Card Encrytion = Requires SD card to be encrypted. Non-encrytped SD card will be read only.
Hi,
like i said, the option "storage encryption" is not available on my ICS Sensation,
and not on my collegues either.
so other ideas?
What version of ICS are you running?
One thing I noticed is that if you have connected to an exchange server some security settings disappear once a policy has been set, ie install from unknown sources is one I saw remove after connecting to my mail server. It could be that your policy is actually active and has been removed from the menu.
The only way to check would be to factory default your handset and check for the settings, then connect to your exchange server and check again.
Hi,
reply from HTC:
----
Storage encryption is an option that that the 2.3.5 update with HTC sense 3.5 had and is something you cannot find in either the Sensation or Sensation XE after updating to ICS. After the update the device will use this function automatically if it is required to.
----
Unfortuneately using exchange 2010 with both sd card encryption and storage encryption policy does not work. When syncing phone with exchange, it tells you that you ppolicies needs to be applied. First sd-card. when its done and in the next sync it tells you yet again there still are polices that needs to be applied on the moblie. Pressing ok and nothing happens after that. This dialog reappear the next time the phone sync and so on...
Any solution yet?
Did you find a solution to your Exchange problem?
It sounds like the same problem as I described here: http://forum.xda-developers.com/showthread.php?t=1541079
I have send a support request to HTC about this 14 days ago, but no solution yet.
Bumping because this is a huge issue for me. If I had known I would not have upgraded.
MobileIron is having a fit because it wants device encryption enabled, but the option to turn it on is not in the OTA update I have received. It worked fine in Gingerbread OTA because Gingerbread did not support encryption, but for devices that support encryption it is mandatory. Because of this I can't receive work e-mail on my phone. The value my phone provides is severly diminished.
I see three options:
1. Something I'm missing that fixes this.
2. Flash back to Gingerbreat OTA (Is this even possible without root? MobileIron will not allow me to receive work e-mail if the device is rooted.)
3. Flip T-Mobile the bird and go to Sprint, and sell the Sensation to make back some of the ETF.
Anyone else have anything?
If you use the ICS skin mod, the option appears to use it. I tested it on the non tmob rom.
I think if I got rid of sense and used the usual launcher it worked. Why it isn't there is beyond me. I tested it and it did work, but do a backup first.
http://forum.xda-developers.com/showthread.php?t=1470497
Well, of course, if you are running the official rom it won't work, cause you need to be running something like ARHD to use that mod
Hi!
I have an HTC Sensation XL, and recently after I updated to ICS, everything was there, including the "storage encryption" option which is automatically enabled for apps and settings. If you were prompted to add a pin code and so, then it means your phone is probably already encrypted.
One thing you should note though is that, the "phone storage encryption" will wipe out all the data in your phone storage first and then encrypt the storage, so doing a backup first would be helpful. I didn't know about this when I performed the encryption process, and so all my precious photos were wiped out...and no way to recover even with a data recovery software
If anyone could help me out with this, it would be greatly appreciated
I am running AOSP and "Encrypt Phone" is under the security tab in settings. Maybe HTC removed it in sense.