Possibility of recovering data from Android phone that fell into sea water? - General Questions and Answers

Background:
A person I know, dropped his phone (Android Oreo or above) into the water while at a beach. He tried keeping the phone in a bag of rice etc., but he can't get it to work. It won't even start. Samsung support said he'd need to replace the motherboard. He does not want the phone working again, but he wants the vacation photos from the phone. In Bangalore, there are some data recovery services that say they can recover the data for him (one of them mentioned some Spider technology).
Primary question:
Is the data recovery team's claim that they can recover the photos, actually legitimate? Can the photos be recovered from the phone in such a situation? How would they do it? Since the data on the phone would be encrypted (a password was needed to unlock the phone), would the data recovery team use a motherboard from a similar phone, connect it to the data storage and ask him to type his password to be able to access the data? If instead they removed the NAND storage and connected it to another board, wouldn't it be impossible to access the data without typing the phone's unlock password to decrypt it?
Concerns:
They might be bluffing, and this could just be a way to get paid for the "effort" that they put in to try recovering the data even if they can't eventually do it.
The data recovery team could clone the data and use brute-force techniques to gain access to any other data.
They could misuse any payment information stored on the phone.
They may view WhatsApp chats or other WhatsApp data stored (he says his WhatsApp is protected by fingerprint recognition).

if privacy is the main concern here, do it through samsung, through the official means. whats more important, the price of a motherboard or their privacy ?

Related

[Q] Broke the glass on my screen, now I have to give my phone to a technician...

Don't worry, it's a security question alright.
I live in Eastern Europe, which is on the far side of the Samsung support network and I have samsung galaxy s3 phone (GT-9300 i guess). My repair options look a little bit bleak. I must either ship it back to France, from where it is bought, or I must seek help of non-licensed technicians. Thank God, there are quite a lot around here and for problems like this they do wonders.
I am worried though that the technicians may try to meddle with the software of my phone and do something nasty with it while the phone is in their possession. I use the phone quite a lot to access various servers trough ssh and the servers contain semi-sensitive information about customers, phones, the equivalents of social security numbers in my country and etc. Of course I will delete my present information, but how about the future. If someone has hacked versions of the firmware, it will be a child game to get the passwords for my servers.
So I need to secure the software of my phone somehow and I'm not sure of my options, so I'm asking for advice which is better. I have experience with Linux, but about Android I'm a quite noob. I had my Amazon FireHD Tablet rooted and installed with CyanogenMOD, so I know a little bit about ROM images. The phone itself is unrooted with original software and is not locked to a carrier.
Should I:
1. Try to back up my entire ROM image?
There are various questions here. It looks that I cannot download standalone original ROM image directly from Samsung so I must back up mine. But in the bootloader (which opens with volume up/down + home + power) it seems that there are no options for backing up rom image, only for restoring trough ADB of SD card. Should I try to root, install alternative bootloader and then back up everything.
There is one very important sub-question here: Will the phone signal me somehow If someone replaces the original bootloader with say, non-signed one? What If someone changes the bootloader as well as the system image?
2. Should I try to ecrypt my phone.
I cannot get easily information about what exactly is encrypted. Pretty sure that the bootloader itself cannot be encrypted anyway. How about the system image. Is it encrypted ?
I'll be thanful for any help about these two ideas as well as any others?
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
84598432951
fadedout said:
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiousity, what version of android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD Card. Confirm the nandroid backup has been saved to the SD Card then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD Card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies whom are known for having catalogs of common electronic items that have been compromised in various ways.
I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3's. Unfortunately Samsung is known for running their own encryption schemes with are different and most often weaker than the stock. Custom ROMs with generally have an implementation based on AOSP sources. A 4 digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.
Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.
You are correct in that the bootloader cannot be encrypted.
Click to expand...
Click to collapse
Thank You for the informative answer!
I had to do this once and what I did was:
- Root phone (which I always wanted to do)
- Perform a full backup to SD card
- Remove SD card and perform a factory reset of the phone
Then off to repairs.
Once back, I did again a factory reset (just in case) and then restore the lot
Seems a lot to do, but I have some sensitive data on it and didn't want to risk it too much. Besides during the restore I took the opportunity to upgrade to 4.3 (at the time)
glass
why dnt you buy a chinese glass and change it yourself its so easy and cheap, around 10 euros or so? i did the same for my old phone

Afraid Repair Shop may have stolen my data

Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of a some sort image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
zeph7r said:
Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of a some sort image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
Click to expand...
Click to collapse
Well, you can try reading some logs with CatLog app. There isn't much else to know except don't forget to wipe /data!

Making the S8+ completely theft proof

Hey!
It's my first post here so it this isn't the best place for such a question then by all means mods pls move the thread to where it should be
Basically, where I'm currently living (Brazil), things tend to get pretty violent and phone thefts are very common. Now the thing is, if it's an iPhone usually the thieves just throw it away, as once it's locked it becomes useless. When it comes to Android though, some of them will dig deep trying to access your info like pictures, passwords, bank information, among other things. They even manage to break IMEI locks and stuff. I got my S5 stolen recently and the information theft part put me through hell. Yet, I'd much rather have an S8+ then any other iPhone currently, so my question is how could I completely theft proof it?
I'm not really worried about them restoring the phone and reselling it, more about them accessing the data inside of it. I know the SD card can be protected through cryptography (although would accept "stronger" tips if there are any). When it comes to apps, aside from the basics of trusting what you install and stuff, are apps like Cerberus, Knox 2.0, or other Samsung features I'm not aware of, any good against someone who knows what they're doing? Is there a way to disable airplane mode or power offs? Also what is probably my strongest concern: is there a way to completely not allow system changes through a computer, like the one that removes the lock screen?
Being a programmer and computer science undergrad student (although not specializing in security nor mobile), I'd have no problem if the solutions would involve some coding or tweaking, just as long as they prove to be effective.
So, would you guys have any tips on how to completely secure the data given those concerns?
The sd card can be Encrypted and if you have a password lock (fingerprint irsi etc...) then it will ask for that before it will unlock the phone.
Also they have a remote wipe. You can log i to google and remote wipe your phone when you found out its been stolen.
You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.
Gary02468 said:
You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.
Click to expand...
Click to collapse
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
xile6 said:
The sd card can be Encrypted and if you have a password lock (fingerprint irsi etc...) then it will ask for that before it will unlock the phone.
Also they have a remote wipe. You can log i to google and remote wipe your phone when you found out its been stolen.
Click to expand...
Click to collapse
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
I use smart Lockscreen protector to prevent somebody putting my phone to airline mode or shutting it down ( It won't help phones with removable battery)
If you have the phone encrypted and have the require pin on boot set. And you have the Qualcomm version that is locked down you have nothing to worry about.
Even the iPhone 7 has been jail broken or rooted the S8 with the Qualcomm chip is one of only a few phones that have not been hacked. It's actually WAY more secure than an iPhone.
lvrma said:
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
Click to expand...
Click to collapse
The phone is completely encrypted, so if you set it to require a password to restart and to turn the screen back on, then its contents are unreadable without the password regardless of how you connect to it.
lvrma said:
...
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
Click to expand...
Click to collapse
If you have a lock screen set you can lock the status of your phone(wifi state, airplane mode, power settings). This way you have to unlock it to toggle these modes.
I just ran across this, some good advice.
http://thedroidguy.com/2017/04/setu...security-features-tutorials-1071462#Tutorial1
lvrma said:
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
Click to expand...
Click to collapse
Like you, I'm interested with this topic, but unlike you, I would like the theief to have a useless phone if they cant unlock it. So that they would think twice the next time they want to steal an android. Else they would just continue stealing since you just put the phone on download mode, connect to a computer and root it.
About your question. Isnt disabling usb debugging mode on developer option block that risk? Also in my note 4, enabling knox will prevent your device from being rooted, at least thats what i understand from the description. i wonder where it is in s8.
speaking of knox, s8 has "Secure folder". its like a secured environment within a phone. Everything you put in here will be protected by knox. Apps, accounts, files, etc. And it would ask for another security to access it(pattern/pin/password).
lvrma said:
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
Click to expand...
Click to collapse
you mentioned cerberus app, it has a function than can wipe device memory and wipe sd card via SMS command. so if you are fast enough, while the thief is running away and before he pulls out your sim card from the phone, you can send an sms command to wipe data.
Since you mentioned you are a programmer, this may be interesting to you, locking download mode and recovery mode on android to prevent thief from flashing hack to your phone. but this require a bit of patience if android isnt your forte.
https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
BratPAQ said:
Like you, I'm interested with this topic, but unlike you, I would like the theief to have a useless phone if they cant unlock it. So that they would think twice the next time they want to steal an android. Else they would just continue stealing since you just put the phone on download mode, connect to a computer and root it.
About your question. Isnt disabling usb debugging mode on developer option block that risk? Also in my note 4, enabling knox will prevent your device from being rooted, at least thats what i understand from the description. i wonder where it is in s8.
speaking of knox, s8 has "Secure folder". its like a secured environment within a phone. Everything you put in here will be protected by knox. Apps, accounts, files, etc. And it would ask for another security to access it(pattern/pin/password).
you mentioned cerberus app, it has a function than can wipe device memory and wipe sd card via SMS command. so if you are fast enough, while the thief is running away and before he pulls out your sim card from the phone, you can send an sms command to wipe data.
Since you mentioned you are a programmer, this may be interesting to you, locking download mode and recovery mode on android to prevent thief from flashing hack to your phone. but this require a bit of patience if android isnt your forte.
https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
Click to expand...
Click to collapse
Don't put your phone anywhere besides your pocket. Get a cover that makes it look like as different phone with a cracked screen.
the easiest way to encrypt sd and phone, enable adoptable storage.
cantenna said:
the easiest way to encrypt sd and phone, enable adoptable storage.
Click to expand...
Click to collapse
How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
lvrma said:
Usually they just put it on airplane mode though, so google remote wipe is useless[.] Which is why I was looking for more of an offline fix through cryptography and such
Click to expand...
Click to collapse
Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).
Gary02468 said:
How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).
Click to expand...
Click to collapse
oh yea, may bad, i often assume everyone on xda is here because there interested in unlocked boot loaders, root and custom kernels. My recomindation applies only to people who have unlocked pandor's box only.
the method of encyption you suggested the isnt availble for users like me but we can enable adoptable storage which does encrypt the system by other means and it is compatible with root, etc
dynospectrum said:
Don't put your phone anywhere besides your pocket. Get a cover that makes it look like as different phone with a cracked screen.
Click to expand...
Click to collapse
Where can you get/ how can you make such a cover?
Also sometimes when I'm in bad Areas, I go to developer options and turn on some of the screen update stuff, so it flashes the screen purple a lot and make it look messed up.

Chip Off recovery not possible due to encryption?

I purchased two VS995's last year for myself and my wife from Verizon, and up until recently it worked great. Last month, I entered a boot loop that wouldn't stop and took it to a repair shop.
While looking into fixes that might work before contacting a shop, I remember reading that the V20 was encrypted by default as well as that by requiring a user to input a PIN during boot your device also was encrypted.
I assumed this would hinder recovery efforts and that I was throwing money away by taking it to a repair shop, but was assured that it wouldn't matter during a chip off recovery, since no data is stored encrypted.
I am familiar with data recovery from broken hard drives and partitions on both Linux and Windows, but I'm not sure about how the process works with encrypted file systems and chip off methods on Android devices.
If anyone could offer any information on if the above is correct regarding the encrypted file system and it not being a problem, or how to deal with it if it is, I would really appreciate it.
My thought process was to get an image of the file system and load it into either something like BlueStacks as the local file system to extract data off that wasn't backed up to the cloud (Quickmemos, current browser session on Chrome, the list goes on and on), or mount it using linux like any other partition.
I'm not sure if I can go in and ask the repair shop to specifically make a binary image of the chip so that I can recover the data myself or not and provide them with a flash drive, but I figure it's worth a shot. I used my phone in place of a computer, and had pictures of my family's social security information that my work had requested as well as internal documents I had to learn as a manager when I was promoted. I figured they were protected by the boot up password until I could back them up, and the phone died a few days before my scheduled backup. Anyone who repair phones for a living have any thoughts on how to request specific things from a phone repair place or how you want your data handled?
I appreciate all the help, and apologize for the long winded post. I wanted to try to cover everything in one shot I also forgot to mention that the phone is 100% stock. Thanks in advance!
userdata (all your actual data) certainly is encrypted by default (though rooting usually disables the encryption), requiring a pin at boot or not is just changing how the real encryption key is stored ( encryption key of the encryption key). AOSP article goes into some more detail.
No idea how shops handle it, I've just done a bit of research on it before.

Question Remove lost pin lock

Hi guys.
Helping a friend out here and since i've not been using a Samsung since my Note 4 era, i've kinda lost my knowledge regarding Samsung programs.
So she has forgot the PIN lock and the phone are now locked (well it still aks for the Pin lock). The last resort is to just wipe the damn phone, but as we all know, not everyone use the cloud so all the pictures are stored at the internal memory.
Any ideas if this is possible without USB debug beeing enabled?
If she can access using her Samsung or Google account maybe... not sure.
I never set passwords for device or bios access because you are the most likely to get locked out. Maybe through no fault of your own like if the password goes corrupted. It happens.
She will lose all data if she can't gain password access because the device's data is encrypted.
In the future she needs to redundantly backup critical data to at least two hdds that are physically and electronically isolated from each other and the PC. Some lessons you learn the hard way... been there, done that

Categories

Resources