Question

From what I hear, Android uses the standard Linux dm-crypt for encryption. Obviously you should have:

- A pin/password for your phone
- That pin/password should at least be 8 characters

The question is how much that already does to protecting the data on the phone. Let's just assume that the password you picked is "safe" and cannot be brute forced in any reasonable time.

1: Assuming the device does not use full disk encryption, law enforcement will still have access to everything, since they can still just read the data right from the SD card because it's not encrypted. Is that correct?

2: Even if you do have full disk encryption, it will only protect you as long as the device is turned off, since law enforcement can otherwise just read the data from RAM. Is that correct?

3: Is there any benefit to disabling USB debugging?

4: Are there any security implications connected to rooting a device and/or using a custom recovery?

edit: law enforcement here is referring to normal police. Obviously you're gonna be screwed when the NSA and the like are after you.

edit 2: When I'm talking about the SD card, I mean the internal card, I'm not talking about any external cards you might use.

Explanation / Answer

Indeed, without full disk encryption they will dump everything from the flash/SD card regardless of your password, which should not be confused with the numeric PIN used to decrypt the SIM card.

When dm-crypt is employed, including on the SD card, it should be reasonably safe with a good password exceeding 12 random characters (pv9?PLJthL`A). With PBKDF2, this would fail only at NSA levels of brute-forcing.

So your next hurdle is to protect the contents of the RAM. The screen should be locked at all times with a short auto-lock timeout, because once attackers can operate the device all bets are off: they can change security settings, download tools and rootkits, image the RAM and obtain the disk password, etc. The screen code should be strong enough to resist automated attacks; it's easy to automate an attack against a touchscreen and leave it running for a few months trying thousands or even millions of codes.

Not only should you disable USB debugging, you should physically disable all data connections. Short-circuit the USB data pins with a solder ball and leave only the power pins active for charging. Your goal is to frustrate the attacker and induce him to power off the phone and thus lose the RAM data. Any data connection will allow him a warm reboot using an external bootloader and dump the RAM.

While theoretical RAM-freezing attacks are discussed, they are very difficult in practice due to the very low remanence of modern RAM chips, the fact that they are soldered onto the smartphone board, and the myriad of phone model boards. By the time you desolder a RAM chip the data is long gone, and the only way to dump it in-circuit is to have some sort of bed-of-nails device custom designed for the phone you are attacking. I wouldn't worry about this.

Instead I would concentrate on any attempt to run outside code on the CPU. All data connections are a vulnerability, including the SD card. Bear in mind that an SD card, which depending on the phone model can be extracted without powering off the device, if found encrypted will be a major clue to the attacker that he should focus on RAM dumping. So I would rely on the on-board flash and disable the SD card so that nothing inserted there can lead to code execution.
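The answer's point about PBKDF2 and password length, as an added worked example that is not part of the original question or answer: it stretches a password into a disk key with parameters assumed to match early Android full-disk encryption (PBKDF2-HMAC-SHA1, 2000 iterations, 16-byte salt, 32-byte output; these are assumptions, not taken from the page), recovers a 4-digit PIN offline once the salt and key material have been dumped with the flash, and estimates how long the same offline search takes against the 12-character random password from the answer. The guess rates are constructed round numbers, not measurements.

```python
# Added example, not part of the original question or answer.
# It shows why "12 random characters with PBKDF2" holds up while a short
# numeric PIN does not, once an attacker has dumped the encrypted flash and
# its key-derivation salt and can guess offline at leisure.
#
# Assumptions (labelled, not taken from the page): the KDF parameters below
# mirror what early Android full-disk encryption used for its crypto footer,
# PBKDF2-HMAC-SHA1 with 2000 iterations, a 16-byte salt and a 32-byte output
# (16-byte AES key + 16-byte IV). Guess rates are constructed round numbers
# for illustration, not measurements of any real hardware.
import hashlib
import string

ITERATIONS = 2000          # assumed early-Android FDE iteration count
SALT_LEN = 16              # assumed salt length
DK_LEN = 32                # assumed output length: 16-byte key + 16-byte IV
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a user password into the disk key the way the assumed footer does."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITERATIONS, DK_LEN)


def charset_size(password: str) -> int:
    """Size of the smallest obvious alphabet the password draws from.
    An attacker who can see the password policy will not search a bigger one."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)   # 32 ASCII symbols
    return size


def keyspace(password: str) -> int:
    """Worst-case number of guesses to exhaust the password's alphabet and length."""
    return charset_size(password) ** len(password)


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Time to try the whole keyspace at a given offline guess rate."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_YEAR


def offline_pin_attack(target_key: bytes, salt: bytes, digits: int = 4):
    """With the salt and derived key in hand (both sit next to the encrypted
    data once the flash is dumped), enumerate every numeric PIN offline.
    Returns the PIN that reproduces target_key, or None."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if derive_key(guess, salt) == target_key:
            return guess
    return None


if __name__ == "__main__":
    # Constructed demo inputs: a fixed salt and a weak 4-digit PIN.
    salt = bytes(range(SALT_LEN))
    victim_key = derive_key("0417", salt)
    print("recovered PIN:", offline_pin_attack(victim_key, salt))

    # Constructed offline rate: 1e6 PBKDF2(2000) guesses per second.
    rate = 1e6
    for pw in ["0417", "12345678", "pv9?PLJthL`A"]:
        print(f"{pw!r:16} alphabet={charset_size(pw):3} "
              f"keyspace=2^{keyspace(pw).bit_length() - 1} "
              f"years_to_exhaust={years_to_exhaust(pw, rate):.3g}")
```

The numeric PIN falls in a few hundred derivations, and an 8-digit PIN still only costs minutes at the constructed rate; the 12-character mixed password from the answer needs on the order of 10^10 years at the same rate, which is the margin the answer is relying on. The exact footer format of any given Android version should be checked against its source rather than assumed from this example.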
