
[GSM Arena] Researchers say Android's factory reset feature flawed


Postby parityboy » Sat May 23, 2015 9:59 pm

Next time when you sell, recycle, or retire your Android smartphone after performing a factory reset, keep in mind that the device may still contain some data you thought you destroyed. That's because researchers at Cambridge University have found that the OS' factory reset feature is flawed and doesn't work as intended.

The feature was tested on 21 smartphones (sold by five manufacturers) running Google's mobile OS version 2.3.x to 4.3, and it was found that all devices retained at least some portion of the old data, including images, videos, SMS, emails, as well as contact information stored in phone app and third-party apps like Facebook and WhatsApp.

What's worth mentioning is that the researchers were able to access this data even if the device was protected with full-disk encryption. Additionally, in the majority of cases (around 80%), they were also able to retrieve the master token which is required to access Google user data.

Based on the experiment, it was estimated that around a whopping 500 million Android phones are at risk.


Source

See attached.
Attachments
fr_most15.pdf
Security Analysis of Android Factory Resets


Postby parityboy » Sat May 23, 2015 11:08 pm

@thread

This proves what I've been feeling for a while now. The future of data security on devices lies with the applications and their ability to store encrypted data within their associated sandboxes. "Device-wide security" (including FDE) either doesn't exist, or does exist and yet quite simply cannot be relied upon. Also, device-wide data stores (think Google email and SMS apps) have no future.


Postby marzametal » Mon May 25, 2015 8:24 am

Who really... well, I take it back... a lot just "clean" and dump their phones. After the shit I have seen on here, I think I will literally brick it with a brick :)



Postby Guest » Mon May 25, 2015 12:05 pm

"The future of data security on devices lies with the applications and their ability to store encrypted data within their associated sandboxes. "


Perhaps if ASLR is ever implemented properly there'd be a slight chance this is correct. Until such time it's only a matter of knowing where to pull the keys from ram, or just indexing/scraping all files matching encryption key data heuristics- and even if some sort of advanced ASLR is implemented and somehow foils indexing- just dumping the entire ram if you're on 4g or broadband wifi and bandwidth is plentiful would kill any possible authority- standard carrier baseband controls make all of this possible. Search "blackhat baseband" on youtube for details.

Cellphones are irreparably fucked- there is literally NO hope of maintaining authority of a system that was never designed to give you authority in the first place. Some of the most advanced modern systems- ie the 3.5k$ US galaxy S3 based cryptophone (which Jacob Appelbaum uses) can only (maybe) let you know when you've been compromised... (assuming the fake base station is discernible from a real one- and the real ones are trustworthy....it works on tower white-lists iirc) -a secure future for cellphones has a dismal outlook; even the companies specifically trying to make secure phones are missing or quietly ignoring the root of the issue; which is hardware subversion.

On a related note- they're now taking preorder downpayments on the Neo900 based open source phone- so if you can live with a very outdated, laughably bulky phone with poor battery life and a resistive touch screen- But which has meaningful BASEBAND SEGREGATION and runs DEBIAN 100% foss in userland- there IS now a ~1k eu$ solution. http://neo900.org/ If you can possibly afford one- you should buy it on principle if for no other reason...

PS- a blender is fun... or kill it with fire...


Postby parityboy » Tue May 26, 2015 1:39 am

@Guest

Perhaps if ASLR is ever implemented properly there'd be a slight chance this is correct. Until such time it's only a matter of knowing where to pull the keys from ram, or just indexing/scraping all files matching encryption key data heuristics- and even if some sort of advanced ASLR is implemented and somehow foils indexing- just dumping the entire ram if you're on 4g or broadband wifi and bandwidth is plentiful would kill any possible authority- standard carrier baseband controls make all of this possible.


You're absolutely right, but realistically it depends on the threat landscape. In the context of the posted article, my statement was made to highlight the attack vector: rooting a used phone and pulling data from it, including data held in application sandboxes. If the files in the sandboxes were separately encrypted (i.e. within the related application) then while those files could just as easily be pulled, decrypting them would be that much more difficult, especially if the device keychain/keystore got wiped.
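
The scenario in the post above (files encrypted inside the application, keystore wiped), as an added example that is not code from the thread or from the attached paper: a constructed model of storage where a reset leaves data blocks in place. The HMAC-based cipher is a standard-library stand-in for a real AEAD, the names `seal`, `unseal` and `simulate_reset` are hypothetical, and the reset overwriting the key slot is the post's own "if", modelled here as an assumption.

```python
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the per-app key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC inside the app: nonce || ciphertext || tag."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))

def simulate_reset() -> dict:
    record = b"SMS from +15550100: see you at 6"      # constructed sample data
    app_key = os.urandom(32)                           # per-app key, held in the keystore
    keystore = bytearray(app_key)
    data = bytearray(record + seal(app_key, record))   # plain app file, then sealed app file
    index = ["plain_app/sms.db", "sealed_app/sms.enc"]

    # Modelled reset (assumption): file index dropped, keystore slot overwritten,
    # data blocks left in place, matching the article's retained-data finding.
    index.clear()
    keystore[:] = bytes(len(keystore))

    remnant = bytes(data)                              # what stays on the storage
    try:
        unseal(bytes(keystore), remnant[len(record):])
        sealed_recovered = True
    except ValueError:
        sealed_recovered = False
    # One copy found = the unencrypted app's file; the sealed copy is not readable.
    return {"plaintext_copies_found": remnant.count(record),
            "sealed_recovered": sealed_recovered}

if __name__ == "__main__":
    print(simulate_reset())
```

The sealed file survives the reset byte for byte, but with the key slot overwritten it no longer authenticates or decrypts; the unencrypted app's record is still readable as-is.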



Postby Guest » Wed May 27, 2015 1:21 am

In the context of the posted article, my statement was made to highlight the attack vector: rooting a used phone and pulling data from it, including data held in application sandboxes.


*facepalms*
Sorry- I can be dense sometimes. You're totally right as well- no keys in memory in that circumstance, or maybe even on the device; if the keys haven't been collected previously, this might offer real security. I generally assume that keys are automatically scraped for use by state level aggressors- an educated guess, but one I feel fairly confident in given supporting evidence.

...oh- I learned the cryptophone is a bit more competent than I gave it credit for as well- the baseband firewall can apparently stop many compromises, at the expense of having the cpu never enter sleep mode. -it's a software sandboxing type setup; somewhat similar to some functions of the neo900. Not sure if I'd be 100% confident in that, but it's certainly a step in the right direction.

