Related
Don't worry, it's a security question alright.
I live in Eastern Europe, which is on the far side of the Samsung support network and I have samsung galaxy s3 phone (GT-9300 i guess). My repair options look a little bit bleak. I must either ship it back to France, from where it is bought, or I must seek help of non-licensed technicians. Thank God, there are quite a lot around here and for problems like this they do wonders.
I am worried though that the technicians may try to meddle with the software of my phone and do something nasty with it while the phone is in their possession. I use the phone quite a lot to access various servers trough ssh and the servers contain semi-sensitive information about customers, phones, the equivalents of social security numbers in my country and etc. Of course I will delete my present information, but how about the future. If someone has hacked versions of the firmware, it will be a child game to get the passwords for my servers.
So I need to secure the software of my phone somehow and I'm not sure of my options, so I'm asking for advice which is better. I have experience with Linux, but about Android I'm a quite noob. I had my Amazon FireHD Tablet rooted and installed with CyanogenMOD, so I know a little bit about ROM images. The phone itself is unrooted with original software and is not locked to a carrier.
Should I:
1. Try to back up my entire ROM image?
There are various questions here. It looks that I cannot download standalone original ROM image directly from Samsung so I must back up mine. But in the bootloader (which opens with volume up/down + home + power) it seems that there are no options for backing up rom image, only for restoring trough ADB of SD card. Should I try to root, install alternative bootloader and then back up everything.
There is one very important sub-question here: Will the phone signal me somehow If someone replaces the original bootloader with say, non-signed one? What If someone changes the bootloader as well as the system image?
2. Should I try to ecrypt my phone.
I cannot get easily information about what exactly is encrypted. Pretty sure that the bootloader itself cannot be encrypted anyway. How about the system image. Is it encrypted ?
I'll be thanful for any help about these two ideas as well as any others?
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
84598432951
fadedout said:
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
Click to expand...
Click to collapse
Thank You for the informative answer!
I had to do this once and what I did was:
- Root phone (which I always wanted to do)
- Perform a full backup to SD card
- Remove SD card and perform a factory reset of the phone
Then off to repairs.
Once back, I did again a factory reset (just in case) and then restore the lot
Seems a lot to do, but I have some sensitive data on it and didn't want to risk it too much. Besides during the restore I took the opportunity to upgrade to 4.3 (at the time)
glass
why dnt you buy a chinese glass and change it yourself its so easy and cheap, around 10 euros or so? i did the same for my old phone
Hello,
My S3 mini was stolen and the thief apparently removed the battery or sim as soon as it was stolen. So it came into mind, which is more secure really. iOS or Android. Apparently, for an Android phpne whether the battery is removale or not, the thief can simply remove the SIM or just shut it down without even knowing the screen pass lock. Furthermore, if he does the power plus volume down combination, he can easily reset the phone to its factory defaults and even then, my photos - main storage and SD card - will be compromised. So yea, the phone can easily be cut from the internet so the wipe amd locate fucntions would be useless.
However on my iPad, I tried connecting it to a new computer, the photos were not accessible. I even installed iTunes, still the photos were not there. It had to be accessed from an iTunes that has previously backed it up. Traditional methods like wiping and locking and tracking are rednered useless because the thief can easily remove the SIM or simply shut it down without knowing the passlock.
So yea, does that make iOS more safe? Do thieves have access to programs that can bypass the lock screen for iOS or Android. Do they have access to programs that can factory reset iOS without an iTunes with a previous backup?
Am I missing anything? Can the user thighten the securty more by himself other than being careful and copying the photos reguraly. Also I am assuming that the USB debugging is turned off for Android by default.
PS: I do know that There are apps made to combat theft but yea, removing the battery, shutting it down or removing the SIM totally kills all those solutions.
We all know there are apps, but every night I sleep I think of this feature. But I'm not a kernel dev so I don't know how to make it.
Hopefully some kernel dev stumbles across this and can implement it.
There must be a pin lock when you factory reset your device and a toggle which unlocks the device pin for a certain amount of mins then locks so that the recovery wipe isn't reachable until one unlocks it.
But yeah, till now I think apple devices are more secure in terms of when theft applies.
Sent from my Nexus 5 using Tapatalk
i have an option to encrypt the entire phone in the security menu. i do not know if that is a custom rom or an android thing, but i suspect it is the latter.
i do not use that option, though, it makes data recovery more difficult should something go wrong. still, it is there, and if you guys are so security conscious, why not just encrypt the data?
In this era, Mobile Security is the top priority for any smartphone user. Mobile Security continues to up for the security. Nowadays it's more vital cause we store sensitive data on mobile phones. Ios is more secure than android.
Some features of IOS why you choose IOS:
App marketplace security: Apple closely inspects every app on its app store, which might reduce the number of apps available, but helps to minimize malware-riddled apps.
Device manufacturers: iPhone's integrated design makes security vulnerabilities less frequent and harder to find.
Updates to patch vulnerabilities: Apple updates are more accessible to control across devices, promising consistent security.
I have thus far been unable to find the information I'm looking for in regards to full disk encryption for Android. When you encrypt the drive, Android uses the same password used for unlocking your phone. There are methods out there to defeat the lock screen. Does this bypass encryption as well?
I assume that if it's really encrypted then getting around the lock screen without the appropriate password/key combination would result in you being unable to access the data. If this is not the case then the question becomes whether or not the data can be considered encrypted while the hard drive remains on the phone.
Anyone have any practical knowledge of this, and of whether the key for turning the phone on is the same as for unlocking the phone? I would appreciate any input toward this discussion. Thank you!
-E
emccalment said:
I have thus far been unable to find the information I'm looking for in regards to full disk encryption for Android. When you encrypt the drive, Android uses the same password used for unlocking your phone. There are methods out there to defeat the lock screen. Does this bypass encryption as well?
I assume that if it's really encrypted then getting around the lock screen without the appropriate password/key combination would result in you being unable to access the data. If this is not the case then the question becomes whether or not the data can be considered encrypted while the hard drive remains on the phone.
Anyone have any practical knowledge of this, and of whether the key for turning the phone on is the same as for unlocking the phone? I would appreciate any input toward this discussion. Thank you!
-E
Click to expand...
Click to collapse
So, to be clear, any encryption can be bypassed. If the password is weak, then there is no issue and can be done in no time, if the password is strong (capital letters, numbers, symbols), then a brute-force attack can take years! Said that, you have to understand that Android devices has weaknesses, like every other device, and out there are also companies that guarantee they can decrypt any android device. Another way to decrypt an Android device is freezing the device at -10c (yes physically and no is not a joke). Researchers has demonstrated that if you freeze the device, and quickly disconnected and reconnected the battery will put the device in a vulnerable loophole. Even if encryption means data altering, and it requires a key to access/restore the data, this behavior probable occurs because the low temperatures causes data to fade from internal chips more slowly. That way is possible to obtain encryption keys and unscramble the phone's encrypted data. So, to reply to your question, yes, someone with enough knowledge can bypass your encryption.
Hey, thank you for your response! I read the article about bypassing encryption by slowing the rate of RAM fade and using FROST. I have a few minor follow on questions about that, however I'm not terribly concerned with tracking that down. I'm doing some research for a project, and I've just run out of time basically, so I can't try everything.
So, I know that it can be bypassed. I also know that you can run a kernel called Armored that supposedly keeps the keys for your encryption on the CPU instead of RAM, which supposedly shuts down cold boot attacks. I think that's a bit extreme for everyday situations, but it's there. I'm more curious about the authentication mechanism for the encryption I guess. It's ran through AES128, then salted with SHA, if I remember what I read. So without encryption, if you bypass the password, you're in. I'm curious, if you were to be able to bypass the encryption password (without actually getting it right). Would the system let you in, but leave everything encrypted and unreadable since you didn't provide the appropriate credentials?
-E
emccalment said:
Hey, thank you for your response! I read the article about bypassing encryption by slowing the rate of RAM fade and using FROST. I have a few minor follow on questions about that, however I'm not terribly concerned with tracking that down. I'm doing some research for a project, and I've just run out of time basically, so I can't try everything.
So, I know that it can be bypassed. I also know that you can run a kernel called Armored that supposedly keeps the keys for your encryption on the CPU instead of RAM, which supposedly shuts down cold boot attacks. I think that's a bit extreme for everyday situations, but it's there. I'm more curious about the authentication mechanism for the encryption I guess. It's ran through AES128, then salted with SHA, if I remember what I read. So without encryption, if you bypass the password, you're in. I'm curious, if you were to be able to bypass the encryption password (without actually getting it right). Would the system let you in, but leave everything encrypted and unreadable since you didn't provide the appropriate credentials?
-E
Click to expand...
Click to collapse
Encryption is carried out at boot time. After the device has booted, a lockscreen bypass will yield full access to the device's data. Encryption only protects your data when the phone isn't turned on, effectively. Or if you know the adversary won't be able to bypass the lockscreen, and would end up rebooting it without knowing it was encrypted.
pulser_g2 said:
Encryption is carried out at boot time. After the device has booted, a lockscreen bypass will yield full access to the device's data. Encryption only protects your data when the phone isn't turned on, effectively. Or if you know the adversary won't be able to bypass the lockscreen, and would end up rebooting it without knowing it was encrypted.
Click to expand...
Click to collapse
@pulser_g2 +++
Or if you have a tracking software that allows you to shut down your phone remotely... But in that case you may as well wipe your phone remotely.
Hey!
It's my first post here so it this isn't the best place for such a question then by all means mods pls move the thread to where it should be
Basically, where I'm currently living (Brazil), things tend to get pretty violent and phone thefts are very common. Now the thing is, if it's an iPhone usually the thieves just throw it away, as once it's locked it becomes useless. When it comes to Android though, some of them will dig deep trying to access your info like pictures, passwords, bank information, among other things. They even manage to break IMEI locks and stuff. I got my S5 stolen recently and the information theft part put me through hell. Yet, I'd much rather have an S8+ then any other iPhone currently, so my question is how could I completely theft proof it?
I'm not really worried about them restoring the phone and reselling it, more about them accessing the data inside of it. I know the SD card can be protected through cryptography (although would accept "stronger" tips if there are any). When it comes to apps, aside from the basics of trusting what you install and stuff, are apps like Cerberus, Knox 2.0, or other Samsung features I'm not aware of, any good against someone who knows what they're doing? Is there a way to disable airplane mode or power offs? Also what is probably my strongest concern: is there a way to completely not allow system changes through a computer, like the one that removes the lock screen?
Being a programmer and computer science undergrad student (although not specializing in security nor mobile), I'd have no problem if the solutions would involve some coding or tweaking, just as long as they prove to be effective.
So, would you guys have any tips on how to completely secure the data given those concerns?
The sd card can be Encrypted and if you have a password lock (fingerprint irsi etc...) then it will ask for that before it will unlock the phone.
Also they have a remote wipe. You can log i to google and remote wipe your phone when you found out its been stolen.
You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.
Gary02468 said:
You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.
Click to expand...
Click to collapse
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
xile6 said:
The sd card can be Encrypted and if you have a password lock (fingerprint irsi etc...) then it will ask for that before it will unlock the phone.
Also they have a remote wipe. You can log i to google and remote wipe your phone when you found out its been stolen.
Click to expand...
Click to collapse
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
I use smart Lockscreen protector to prevent somebody putting my phone to airline mode or shutting it down ( It won't help phones with removable battery)
If you have the phone encrypted and have the require pin on boot set. And you have the Qualcomm version that is locked down you have nothing to worry about.
Even the iPhone 7 has been jail broken or rooted the S8 with the Qualcomm chip is one of only a few phones that have not been hacked. It's actually WAY more secure than an iPhone.
lvrma said:
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
Click to expand...
Click to collapse
The phone is completely encrypted, so if you set it to require a password to restart and to turn the screen back on, then its contents are unreadable without the password regardless of how you connect to it.
lvrma said:
...
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
Click to expand...
Click to collapse
If you have a lock screen set you can lock the status of your phone(wifi state, airplane mode, power settings). This way you have to unlock it to toggle these modes.
I just ran across this, some good advice.
http://thedroidguy.com/2017/04/setu...security-features-tutorials-1071462#Tutorial1
lvrma said:
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
Click to expand...
Click to collapse
Like you, I'm interested with this topic, but unlike you, I would like the theief to have a useless phone if they cant unlock it. So that they would think twice the next time they want to steal an android. Else they would just continue stealing since you just put the phone on download mode, connect to a computer and root it.
About your question. Isnt disabling usb debugging mode on developer option block that risk? Also in my note 4, enabling knox will prevent your device from being rooted, at least thats what i understand from the description. i wonder where it is in s8.
speaking of knox, s8 has "Secure folder". its like a secured environment within a phone. Everything you put in here will be protected by knox. Apps, accounts, files, etc. And it would ask for another security to access it(pattern/pin/password).
lvrma said:
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
Click to expand...
Click to collapse
you mentioned cerberus app, it has a function than can wipe device memory and wipe sd card via SMS command. so if you are fast enough, while the thief is running away and before he pulls out your sim card from the phone, you can send an sms command to wipe data.
Since you mentioned you are a programmer, this may be interesting to you, locking download mode and recovery mode on android to prevent thief from flashing hack to your phone. but this require a bit of patience if android isnt your forte.
https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
BratPAQ said:
Like you, I'm interested with this topic, but unlike you, I would like the theief to have a useless phone if they cant unlock it. So that they would think twice the next time they want to steal an android. Else they would just continue stealing since you just put the phone on download mode, connect to a computer and root it.
About your question. Isnt disabling usb debugging mode on developer option block that risk? Also in my note 4, enabling knox will prevent your device from being rooted, at least thats what i understand from the description. i wonder where it is in s8.
speaking of knox, s8 has "Secure folder". its like a secured environment within a phone. Everything you put in here will be protected by knox. Apps, accounts, files, etc. And it would ask for another security to access it(pattern/pin/password).
you mentioned cerberus app, it has a function than can wipe device memory and wipe sd card via SMS command. so if you are fast enough, while the thief is running away and before he pulls out your sim card from the phone, you can send an sms command to wipe data.
Since you mentioned you are a programmer, this may be interesting to you, locking download mode and recovery mode on android to prevent thief from flashing hack to your phone. but this require a bit of patience if android isnt your forte.
https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
Click to expand...
Click to collapse
Don't put your phone anywhere besides your pocket. Get a cover that makes it look like as different phone with a cracked screen.
the easiest way to encrypt sd and phone, enable adoptable storage.
cantenna said:
the easiest way to encrypt sd and phone, enable adoptable storage.
Click to expand...
Click to collapse
How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
lvrma said:
Usually they just put it on airplane mode though, so google remote wipe is useless[.] Which is why I was looking for more of an offline fix through cryptography and such
Click to expand...
Click to collapse
Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).
Gary02468 said:
How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).
Click to expand...
Click to collapse
oh yea, may bad, i often assume everyone on xda is here because there interested in unlocked boot loaders, root and custom kernels. My recomindation applies only to people who have unlocked pandor's box only.
the method of encyption you suggested the isnt availble for users like me but we can enable adoptable storage which does encrypt the system by other means and it is compatible with root, etc
dynospectrum said:
Don't put your phone anywhere besides your pocket. Get a cover that makes it look like as different phone with a cracked screen.
Click to expand...
Click to collapse
Where can you get/ how can you make such a cover?
Also sometimes when I'm in bad Areas, I go to developer options and turn on some of the screen update stuff, so it flashes the screen purple a lot and make it look messed up.
Hi!
I'm considering buying Pixel 6a for its worth at around 300USD worth but after using Android for several years, I'm concerned about security after rooting, like after theft etc.
Afaik, if bootloader is unlocked, the thief can just flash a new image and that's it!
It's different with iOS where icloud lock (even after jailbreak) can render the device practically unusable.
Can someone guide if some kind of google lock is a possibility nówadays with Android or newer versions of Android?
Are you looking at this from a data security standpoint? Or from "make sure its worthless to the thief".
Data security I believe is much more important than causing the phone to self destruct if stolen, and from a data security standpoint, you don't need to worry about root, because the data stored in the userdata partition is ENCRYPTED, and this encryption is tied to lockscreen security. In other words, they need to be able to legitimately get past the lockscreen in order to have unencumbered access to your data, regardless of what they change with respect to boot and system partitions.
If on the other hand, you're more worried about rendering the device worthless if stolen (i.e., thief can't actually use it), then you're actually talking about gooble's factory reset protection, which pretty much locks you to factory images, and locked bootloaders, and the "unlock bootloader" switch set to not-unlockable.
Factory reset protection works by forcing you to validate that you are the owner of the gooble account previously registered as owner of the device. It can be trivially bypassed as long as the "allow oem unlocking" flag is set to true, or the device has a 3rd party OS key installed, such as from grapheneos.
Also, having the device REPORTED as stolen if it is, will make it unable to connect to a cellular network, which pretty effectively makes it worthless.
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
tarun0 said:
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
Click to expand...
Click to collapse
It isn't a useful deterrent to theft, because they have to steal it first before they can find out if its been rendered useless or not. Its not like they'll return it if they find out that its useless.
tarun0 said:
Hi!
I'm considering buying Pixel 6a for its worth at around 300USD worth but after using Android for several years, I'm concerned about security after rooting, like after theft etc.
Afaik, if bootloader is unlocked, the thief can just flash a new image and that's it!
It's different with iOS where icloud lock (even after jailbreak) can render the device practically unusable.
Can someone guide if some kind of google lock is a possibility nówadays with Android or newer versions of Android?
Click to expand...
Click to collapse
You should be worried more about having unlocked bootloader as opposed to root.
Root can only be obtained via Magisk, which creates a layer making your System think that Magisk is a part of it. No root could be obtained other than through Magisk manager, and even then, you will get a prompt to allow root to an app or adb. You can provide time limited root or one time only for apps. In other words, root gives the user control. Your OS already has root regardless of Magisk. All Magisk does is give you the power to grant or deny root.
Locked vs unlocked bootloader: this is where you should be concerned. If your bootloader is unlocked, it might be possible to boot or flash a modified recovery or TWRP that will have full write access to your system partitions, which are not encrypted. Android, unlike Linux or Windows never encrypted anything but data partition, and a few years ago, Google dropped even that in favor of file encryption. So, your data partition is no longer encrypted, just the files. So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use natural Android weakness, which is: the first boot after installing a brand new rom is always without password prompt. So, in this case, the attacker will have the full access to your data.
With locked bootloader, this is not possible, as all fastboot actions are disabled.
99.9% of custom roms require unlocked bootloader. Those few, which are available on locked bootloader, do not provide root. There are only 1 or 2 developments that can provide optional root + locked bootloader.
optimumpro said:
You should be worried more about having unlocked bootloader as opposed to root.
Root can only be obtained via Magisk, which creates a layer making your System think that Magisk is a part of it. No root could be obtained other than through Magisk manager, and even then, you will get a prompt to allow root to an app or adb. You can provide time limited root or one time only for apps. In other words, root gives the user control. Your OS already has root regardless of Magisk. All Magisk does is give you the power to grant or deny root.
Locked vs unlocked bootloader: this is where you should be concerned. If your bootloader is unlocked, it might be possible to boot or flash a modified recovery or TWRP that will have full write access to your system partitions, which are not encrypted. Android, unlike Linux or Windows never encrypted anything by data partition, and a few years ago, Google dropped even that in favor of file encryption. So, your data partition is no longer encrypted, just the files. So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use natural Android weakness, which is: the first boot after installing a brand new rom is always without password prompt. So, in this case, the attacker will full access to your data.
With locked bootloader, this is not possible, as all fastboot actions are disabled.
99.9% of custom roms require unlocked bootloader. Those few, which are available on locked bootloader, do not provide root. There are only 1 or 2 developments that can provide optional root + locked bootloader.
Click to expand...
Click to collapse
Ahhh... So there are options albeit just 1 or 2 which can root with bootlocker locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
tarun0 said:
Ahhh... So there are options albeit just 1 or 2 which can root with bootlocker locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
Click to expand...
Click to collapse
Just my view: if I were you, I wouldn't buy any Pixels phone that has Titan chip in it. It is just one more reliance on such a 'bastion' of privacy as Google. Note Titan is closed source, and not only it deals with certificates, but it can also modify firmware. Here is Zdnet's description:
"The Titan chip manufacturing process generates unique keying material for each chip, and securely stores this material -- along with provenance information -- into a registry database. The contents of this database are cryptographically protected using keys maintained in an offline quorum-based Titan Certification Authority (CA).
"Individual Titan chips can generate Certificate Signing Requests (CSRs) directed at the Titan CA, which -- under the direction of a quorum of Titan identity administrators -- can verify the authenticity of the CSRs using the information in the registry database before issuing identity certificates."
So, each machine's individual key is stored with some 'magic' database maintained by Titan Certification Authority. In other words, an entity funded by three-letter agencies now has an additional database holding individual keys for each phone.
optimumpro said:
Just my view: if I were you, I wouldn't buy any Pixels phone that has Titan chip in it. It is just one more reliance on such a 'bastion' of privacy as Google. Note Titan is closed source, and not only it deals with certificates, but it can also modify firmware. Here is Zdnet's description:
"The Titan chip manufacturing process generates unique keying material for each chip, and securely stores this material -- along with provenance information -- into a registry database. The contents of this database are cryptographically protected using keys maintained in an offline quorum-based Titan Certification Authority (CA).
"Individual Titan chips can generate Certificate Signing Requests (CSRs) directed at the Titan CA, which -- under the direction of a quorum of Titan identity administrators -- can verify the authenticity of the CSRs using the information in the registry database before issuing identity certificates."
So, each machine's individual key is stored with some 'magic' database maintained by Titan Certification Authority. In other words, an entity funded by three-letter agencies now has an additional database holding individual keys for each phone.
Click to expand...
Click to collapse
Thanks for the opinion broski! But what brand are available there?
I don't like Samsung anymore because they destroy screen with update and don't help customers. Rest brand look more on papers but not in real.
tarun0 said:
Thanks for the opinion broski! But what brand are available there?
I don't like Samsung anymore because they destroy screen with update and don't help customers. Rest brand look more on papers but not in real.
Click to expand...
Click to collapse
Onepluses allow relocking bootloader on custom roms.
tarun0 said:
Thanks for the opinion broski! But what brand are available there?
I don't like Samsung anymore because they destroy screen with update and don't help customers. Rest brand look more on papers but not in real.
Click to expand...
Click to collapse
Don't be intimidated by the technical language - it's not as complicated as it seems. All hardware security modules come with a key that is installed at the factory and signed by the manufacturer. This initial key is only used to establish a basic level of trust, and the HSM will then generate a unique key for encrypting your data and performing attestation. This process is the same no matter what brand of device you use, whether it's an OnePlus, a pixel, or any other brand
Newer pixel models have a feature called ATTEST_KEY that allows each device to have its own unique keys. If one of these HSM keys were to be compromised, it wouldn't affect your security. However, rooting your phone can compromise your security and make verified boot ineffective, even if the bootloader is locked. If you value security, it's important not to root your phone
tarun0 said:
Ahhh... So there are options albeit just 1 or 2 which can root with bootlocker locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
Click to expand...
Click to collapse
This statement is incorrect. The Android user interface was not designed to handle permission prompts for root access. When you root your phone, you increase the potential for UI bugs that were previously not able to cause harm to become attack vectors that can be used to gain full access to your phone. Rooting also weakens the security of your phone by adding new permissive domains and making the *_app SELinux domains more permissive
It is heavily recommended to read this article https://madaidans-insecurities.github.io/android.html
tarun0 said:
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
Click to expand...
Click to collapse
For the past five years, it has been required that all Android phones have encryption enabled by default. If you purchase a Pixel phone, it will come with encryption already enabled, but you can further enhance the security of the encryption by installing GrapheneOS as they increase the file name padding length to the maximum supported by the kernel make certain attacks harder.
Block-based encryption is generally considered to be less secure than file-based encryption because it uses a single key to encrypt all data, rather than multiple keys for individual files (which is what FBE does). Android 10 introduced metadata encryption, which encrypts the sector 0 on the data partition, making it inaccessible to attackers even when attempting to access the data through recovery mode. One of the main reasons file-based encryption is preferred over block-based encryption is that it is more difficult to verify the security of block-based encryption, and the algorithms used in block-based verification can be complex and challenging to implement correctly. Additionally, block-based encryption only encrypts data and does not provide any integrity checking, so if the data becomes corrupt, there is no way to detect it and the decryption process will continue. This can result in broken files at best and potentially allow attackers to tamper with or exploit the Linux kernel at worst, as noted by Linux kernel maintainers
optimumpro said:
So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use natural Android weakness, which is: the first boot after installing a brand new rom is always without password prompt. So, in this case, the attacker will have the full access to your data.
Click to expand...
Click to collapse
This quote is mostly (the bad part) FALSE. The decryption on the files cannot be performed until AFTER the device has been unlocked. If an attacker installs something that skips the lockscreen, the files will NOT be decrypted, since that lockscreen password/pin/pattern/etc. is needed to gain access to the key.
No matter what, whether the device bootloader is unlocked or not, or the device has root access or not... if the device is physically outside of the owner's control, it is necessary to assume that security on it has been compromised and should not be trusted. As the owner, you should assume that it has been backdoored, so wipe it fully and reinstall OS.
there is one exception, though. in AFU state, FBE is already decrypted (same as FDE)
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass
(does not concern powered off devices)
96carboard said:
Are you looking at this from a data security standpoint? Or from "make sure its worthless to the thief".
Data security I believe is much more important than causing the phone to self destruct if stolen, and from a data security standpoint, you don't need to worry about root, because the data stored in the userdata partition is ENCRYPTED, and this encryption is tied to lockscreen security. In other words, they need to be able to legitimately get past the lockscreen in order to have unencumbered access to your data, regardless of what they change with respect to boot and system partitions.
If on the other hand, you're more worried about rendering the device worthless if stolen (i.e., thief can't actually use it), then you're actually talking about gooble's factory reset protection, which pretty much locks you to factory images, and locked bootloaders, and the "unlock bootloader" switch set to not-unlockable.
Factory reset protection works by forcing you to validate that you are the owner of the gooble account previously registered as owner of the device. It can be trivially bypassed as long as the "allow oem unlocking" flag is set to true, or the device has a 3rd party OS key installed, such as from grapheneos.
Also, having the device REPORTED as stolen if it is, will make it unable to connect to a cellular network, which pretty effectively makes it worthless.
Click to expand...
Click to collapse
Not all of this is really right on the head.
tarun0
FRP is VERY easy to bypass. Takes me about 2 minutes on Android 13 Jan 2022 update on 7 Pro, 7, 6a, 6 pro, 6, 5a, 5, 4a 5g and the 4a. The data is wiped though, so it at least can't have data stolen, but the FRP is more like a fence with a gate that you can just reach the other side to unlock with a paper clip lol
As far as getting past lock screen, there's USB plug-in's that if a true back actor wanted to get into the phone, it bypasses usb debugging and can force test thousands of pins and patterns per minute without flagging the maximum attempt trigger. But again, what's the chance of a phone getting stolen by someone with that level of knowledge? 90% of phone thieves take it, run and sell it quick flip.
Also, with a custom Android recovery, adb commands are possible, so if the device is rooted with a custom recovery, there's ways to extract the lock screen file where its stored and use it. I don't think the recoveries based on LineageOS can do this, but TWRP definitely can as I've done it personally. So far there's no twrp for any android 13 device to my knowledge. Even the android 12 variants of twrp are shotty and barely function.
Dirty flashing a rom will also remove any passcode generally on a phone. and make data accessible.
Reporting it stolen only goes so far. You can spoof the IMEI if rooted or straight up change it if you have tools like MiracleBox
Long story short, an unlocked bootloader and a rooted android device make the device very insecure. The only roms out there that let you re-lock the bootloader after flashing the rom are Graphene and CalyxOS. And I really don't recommend calyx. Its a pile of ****. Don't root graphene either, as you'll have to leave the bootloader unlocked
TechX1991 said:
Dirty flashing a rom will also remove any passcode generally on a phone. and make data accessible.
Click to expand...
Click to collapse
we are talking about FBE encryption, not old FDE encryption with default_password. do not claim what you haven't tested yourself. FBE is simply secure in BFU state. also against bruteforce as gatekeeper lives in TEE. after 140 attempts the timeout has increased to 1 day.
kindly read about how FBE works
https://android.stackexchange.com/a/241688