Jump to content


Flawed Android Factory Reset

android security

  • Please log in to reply
7 replies to this topic

#1 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,715 posts

Posted 21 May 2015 - 08:00 PM

Ouch--apparently Android factory "reset" doesn't actually reset, at least in earlier versions of the OS:
http://arstechnica.c...pe-for-picking/
Registered Linux User 344759

#2 OFFLINE   lewmur

lewmur

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,604 posts

Posted 21 May 2015 - 08:32 PM

View Postebrke, on 21 May 2015 - 08:00 PM, said:

Ouch--apparently Android factory "reset" doesn't actually reset, at least in earlier versions of the OS:
http://arstechnica.c...pe-for-picking/
Another "The sky is falling!!!" reaction from so called "security experts".  An android "factory reset" doesn't format the data partition, so, if you are selling your devices you need to manually delete photos etc. from that partition.  But just like a PC HDD partition, when an internal SD partition is formated, the data isn't erased, the filesystem is re-written.  But if that makes you paranoid, use a recovery tool like TWRP to do a full wipe instead of the bulitin "factory" reset.

As to the system info that isn't fully erased, all you need to do is overwrite the existing info by creating a dummy user after reseting.

#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,104 posts

Posted 21 May 2015 - 11:37 PM

Exactly Lewmur
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   lewmur

lewmur

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,604 posts

Posted 22 May 2015 - 01:25 AM

View Postsecuritybreach, on 21 May 2015 - 11:37 PM, said:

Exactly Lewmur
It reminds me of the numerous times I've seen laptops for sale on eBay or Craigslist that have had their HDDs removed "for security reasons".  Throwing money away.  If you merely format the HDD and don't choose "Quick Format", there is not one person in a million with the capability of recovering any data.  What are the odds that someone buying a single laptop on eBay is going to have that ability?  Much less take the huge amount of time and effort, to recover a complete stranger's data?  You've a much greater chance of being struck by lightning.

#5 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,396 posts

Posted 22 May 2015 - 06:01 AM

I always used DBAN which is still developed but does not do ssd's. However DBAN was taken over by a Finnish company called Blancco in 2012 whod do have a offering that wipes ssd's and one that works for mobiles and androids. Also there is a stand alone fork of DBAN that can be used alone and is an included program in partedmagic.

http://www.dban.org/

http://www.blancco.com/en/

http://linux.die.net/man/1/nwipe

:breakfast:
Install ARCH
You'll never need to install it again
"I did and I'm really happy"

Posted Image~~~~~~~~~~~~~Posted Image

#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,104 posts

Posted 22 May 2015 - 09:40 AM

View Postabarbarian, on 22 May 2015 - 06:01 AM, said:

I always used DBAN which is still developed but does not do ssd's. However DBAN was taken over by a Finnish company called Blancco in 2012 whod do have a offering that wipes ssd's and one that works for mobiles and androids. Also there is a stand alone fork of DBAN that can be used alone and is an included program in partedmagic.

http://www.dban.org/

http://www.blancco.com/en/

http://linux.die.net/man/1/nwipe

:breakfast:

Very nice!! I used DBAN for many, many years but was disappointed when I read that they didn't support SSDs. So that was good news indeed
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#7 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,396 posts

Posted 22 May 2015 - 09:54 AM

Yeah I think the Blancco version for ssd's is a paid for, not sure exactly what the nwipe will support but at least it is free. :breakfast:
Install ARCH
You'll never need to install it again
"I did and I'm really happy"

Posted Image~~~~~~~~~~~~~Posted Image

#8 OFFLINE   atiustira

atiustira

    Post Master

  • Members
  • PipPipPipPip
  • 235 posts

Posted 11 June 2015 - 04:51 PM

Good find ebrkeMost people would not know that when the app says Factory data reset This will erase all data from your phone's internal storage,including:Your Google accountSystem and app data settings Downloaded apps MusicPhotos Other user dataThat it actually leaves behind recoverable data like

Quote

One of the most concerning findings is that data users presume has been wiped during reset in many cases can be recovered and read even when a phone has been protected with full-disk encryption. That's because the file that stores the decryption key isn't erased during the factory-reset process. While the key is itself encrypted with a cryptographic salt and a user-selected PIN or password, recovery of the "crypto footer," as the encrypted file is known, gives an attacker everything needed to perform an offline cracking attack. Based on the data supplied in this post, security consultant White estimated successful cracks would take a matter of seconds for typical PINs and a matter of a few hours to a day for longer passwords.
Perhaps the firmware it self should delete the data and overwrite with xoxoxo several times.

Edited by atiustira, 11 June 2015 - 05:29 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users