Jump to content

Flawed Android Factory Reset


ebrke

Recommended Posts

Ouch--apparently Android factory "reset" doesn't actually reset, at least in earlier versions of the OS:

http://arstechnica.c...pe-for-picking/

Another "The sky is falling!!!" reaction from so called "security experts". An android "factory reset" doesn't format the data partition, so, if you are selling your devices you need to manually delete photos etc. from that partition. But just like a PC HDD partition, when an internal SD partition is formated, the data isn't erased, the filesystem is re-written. But if that makes you paranoid, use a recovery tool like TWRP to do a full wipe instead of the bulitin "factory" reset.

 

As to the system info that isn't fully erased, all you need to do is overwrite the existing info by creating a dummy user after reseting.

  • Like 1
Link to comment
Share on other sites

Exactly Lewmur

It reminds me of the numerous times I've seen laptops for sale on eBay or Craigslist that have had their HDDs removed "for security reasons". Throwing money away. If you merely format the HDD and don't choose "Quick Format", there is not one person in a million with the capability of recovering any data. What are the odds that someone buying a single laptop on eBay is going to have that ability? Much less take the huge amount of time and effort, to recover a complete stranger's data? You've a much greater chance of being struck by lightning.

Link to comment
Share on other sites

abarbarian

I always used DBAN which is still developed but does not do ssd's. However DBAN was taken over by a Finnish company called Blancco in 2012 whod do have a offering that wipes ssd's and one that works for mobiles and androids. Also there is a stand alone fork of DBAN that can be used alone and is an included program in partedmagic.

 

http://www.dban.org/

 

http://www.blancco.com/en/

 

http://linux.die.net/man/1/nwipe

 

:breakfast:

  • Like 1
Link to comment
Share on other sites

securitybreach

I always used DBAN which is still developed but does not do ssd's. However DBAN was taken over by a Finnish company called Blancco in 2012 whod do have a offering that wipes ssd's and one that works for mobiles and androids. Also there is a stand alone fork of DBAN that can be used alone and is an included program in partedmagic.

 

http://www.dban.org/

 

http://www.blancco.com/en/

 

http://linux.die.net/man/1/nwipe

 

:breakfast:

 

Very nice!! I used DBAN for many, many years but was disappointed when I read that they didn't support SSDs. So that was good news indeed

Link to comment
Share on other sites

abarbarian

Yeah I think the Blancco version for ssd's is a paid for, not sure exactly what the nwipe will support but at least it is free. :breakfast:

  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...

Good find ebrkeMost people would not know that when the app says Factory data reset This will erase all data from your phone's internal storage,including:Your Google accountSystem and app data settings Downloaded apps MusicPhotos Other user dataThat it actually leaves behind recoverable data like

One of the most concerning findings is that data users presume has been wiped during reset in many cases can be recovered and read even when a phone has been protected with full-disk encryption. That's because the file that stores the decryption key isn't erased during the factory-reset process. While the key is itself encrypted with a cryptographic salt and a user-selected PIN or password, recovery of the "crypto footer," as the encrypted file is known, gives an attacker everything needed to perform an offline cracking attack. Based on the data supplied in this post, security consultant White estimated successful cracks would take a matter of seconds for typical PINs and a matter of a few hours to a day for longer passwords.
Perhaps the firmware it self should delete the data and overwrite with xoxoxo several times. Edited by atiustira
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...