Hi there,
Has any one tested the hardware disc encrytion that Samsung touted pre-launch? Are there any white-papers on how this works?
"Samsung has also taken steps to include Enterprise software for business users, that include On Device Encryption, Cisco’s AnyConnect VPN, MDM (Mobile Device Management), Cisco WebEx, Juniper,[28] and secure remote device management from Sybase.[36]"
Source https://secure.wikimedia.org/wikipedia/en/wiki/Samsung_Galaxy_S_II#Bundled_applications
Regards, F.
I asked on the CM forums, and CM does not have any disc encryption, yet. DOes anyone know about Samsung's offering?
BR.
Shame-less bump, in case some one has bought the i9100 by now and found the encryption option. Any one?
I found this gumpf about it. Its a third party product provided by Sophos.
"Antivirus & Firewall Security for Android Devices with Disk Encryption
SophosWith rising security threats and growing demands for the need of end point protection and data security are growing and so does Sophos comes forward and launches a mobile control which is mainly designed and is developed for smart phones like Android. This product comes with Sophos Anti-virus, Sophos Client Firewall and Sophos Disk Encryption which protects from threats and provides the disk encryption.
Basically, the SOPHOS secures the smart phones by centrally configuring all the security settings and then also it enables the lock down of unwanted features. With strong set of password and security policy it can even control the installation of apps, blocking use of cameras, browsers like You Tube etc. Also, additionally you can easily secure the access to the corporate mail by setting up the registered devices to access the mail.
Sophos Mobile control secures the mobile devices by centrally configuring security settings and enabling lock down of unwanted features. The features like strong password policy and lock period, control and installation of applications and blocking usage of cameras and browsers will help in enabling the enforcement of consistent "
Source: hxxp://androidadvices.com/antivirus-firewall-security-for-android-devices-with-disk-encryption/
galaxy s II I9100 has disk encryption built-in but disabled
I went through the files in initramfs and i found :
1) lots of encryption related strings and error messages in the /init executable
2) /init.rc has an event handler "on property:encryption.bootmode=remount"
3) /res/encryption.conftab - a configuration file that maps directories like /data to /dev/mapper/data to /dev/block/<data block device>
important point is that /init executable contains the name of this file and error messages relevant to the processing of this file.
4) /res/images contains images that together are a encryption graphic UI
Conclusion: Block-device level encryption is available and configured through dm_crypt by the init executable and some configuration files. Some flag probably exists somewere to enable this encryption.
Guess: after the flag is flipped the device should ask during boot for encryption password and encrypt /data /efs /cache /sdcard directories. On consecutive re-boots the same password will be asked to be able to mount through the configuration file(s).
Anyone knows how to enable the damn thing? Apparently Sybase have an app called Afaria AES for samsung that enables this functionality. I guess that they are doing it using some unpublished samsung security API. Maybe an extension of the DeviceAdmin class. Anyone know a way to check this?
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted to that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
dwod said:
I configured the standard email client to connect to my exchange server which enforces an encryption policy and then I got prompted to that my SGS2 would then encrypt itself.
I've no idea if there is a way to do it manually or even how to un-encrypt it if I ever remove the exchange account.
Click to expand...
Click to collapse
Hi, When you say, the SGS would encrypt itself, did you mean that the internal discs would be encrypted, or was this referring only to the connection over Email. I think the latter and if so then this is not the correct thread for this discussion. If the former then this is remarkable.
I am also looking for a way to enable encryption. The ability to use hardware-assisted file encryption was the first thing that caught my eye when they presented the SGS II at MWC.
I have contacted Samsung about this (twice) and they were not really helpful at all. They only replied that you need third party tools to use the SGS II encryption features and that there is no tool included with the handset. They also ignored my inquiry for a documented API which would make it possible to write a little program to switch encryption on.
It seems that Sybase Afaria is one of the solutions with the desired ability, a Microsoft Active Sync server is another, both enterprise level products. The Sophos product mentioned above might be yet another.
If we could only get some information about the API all these products must use to administer the phone!
fryandlaurie
@forgetmyname:
I'm pretty sure that it is about file level encryption: Connecting to a corporate exchange server allows the server (if configured accordingly) to enforce a host of security policies on the phone. One of these policies may well be the encryption of all mail traffic but I doubt that you would be prompted to acknowledge that.
fryandlaurie
It would be great to be able to file encrypt private photos, I don`t think its enough with a program that requirre a password to show the hidden files. As if one have physical access to the phone one can easely get the pictures.
Two options for i9100 Encryption
oleost said:
It would be great to be able to file encrypt private photos, I don`t think its enough with a program that requirre a password to show the hidden files. As if one have physical access to the phone one can easely get the pictures.
Click to expand...
Click to collapse
On Stock Samsung ROMs pre-ICS you can use Galaxy Device Encryption free or pro by hellcat (see google play) for full device encryption, including optional encrypting of the external SD card. Note, it has to be stock rom for this to work on GB and this only works on certain Samsung models that they added the encryption ability to the OS but didn't give the user a way to activate.
ICS supports encryption natively and gives the user access to turn this on without a push from an exchange server or the like, assuming this hasn't been removed/disabled by the developer of the ROM you're using.
Ed
If anyone is familiar with Speccy for the PC they know more or less what I am looking for.
I am looking for an app that does a thorough audit of a phone (Android platform) but not only displays it on the phone (plenty of apps do that). Id want it to export the audit to a file that can then be opened on a desktop application with a easier to navigate and study interface.
Currently like I said there is a number of applications that can do part of this as an added feature, but I have not seen any dedicated app to do an audit of the phone, things from programs, spaced used, network, hardware, permissions for particular programs, etc. Id like it to be as thorough as possible, but to be viewable in a reasonably ok interface on a desktop.
Browser maybe preferably for the linux and iOS users so that it isn't tied down to one Operating system.
Any ideas of something like this, or anyone working on something similar?
sorry for reviving this thread but I'm interested as well.
What is Ads???
-(pronounced as separate letters) Short for alternate data stream, a function of Microsoft��s NTFS file system in which files can be embedded in other files and are invisible to the user through Windows Explorer (i.e., the ADS does not affect the size, function or display of the main file the ADS is attached to). While ADS files (which are well known throughout the hacker community) can be used maliciously by an attacker wishing to plant an executable file into another file without it being detected, ADS also is used legitimately by programmers. For example, an antivirus program can include a checksum value in an ADS attached to each file.
Effect of ads...
1.ads can slow your phone
ex.Script manager(Not Paid) has a ads if you are data enable
2.some ads has a virus Called ADWARE from not Known apps downloaded in others not in gp(google play), Virus means a software can destroy your files, hardware of your phone
How to prevent adware???
You need a adblocker app Here
adaway is a app that can block all ads especially ads in script manager
so download it and install on your phone
note:this is not a antivirus! if u want antivirus go Here
FAQS...
Q. why i need to download it here instead on google play
A. google removed all adblocker app in google play so you need to download it here
If u have bugs go here
dont forget to click thanks to me...:good:
Note: this app is not mine im sharing it for u
thank you
nulda said:
thank you
Click to expand...
Click to collapse
your welcome but click thanks bro...
There is no NTFS file-system on our phones, so there is no Alternative Data Stream.
ADS is shorthand for ADvertisementS, which are a legitimate way of making money of your applications if you don't want to charge the end-user money (like the unpaid script-manager, which displays ads)
It is rarely malware, and the reason Google has removed ad-blockers (or advertisement-blockers) from it's store is because ie negatively impacts on the revenue-stream of App-developers.
So, no alternative data stream, only some code that gets advertisements of google's servers so the developers can get a little bit of money for their efforts.
Thank you.
Seeing as Snapchat as a lot of security issues with it, an idea came to mind so I wanted to get a consensus of how interesting this project will be to others.
The general idea is as follows:
- Create an Xposed module that hooks into Snapchat much like KeepChat or SnapShare and encrypt the photo/video using PGP before sending
- Recipient will decrypt it and view as normal
There are already tools that can manage the keys such as AGP.
This idea can even go as far as quickly delivering any kind of encrypted data by embedding the data inside the image and using SnapChat's fast server as the delivery mechanism. The data can be saved using the same method as KeepChat.
(I am not quite sure on the legality of using Snapchat's servers to send small files other than images and videos.)
This will make for a nice way of quickly "emailing" documents and files to others.
In Depth:
This information may be out of date or useless but here goes.
File type and size limit: Any data (server does not care) so long as it is <= 1 MB - Source
Encryption is used (AES) so a possible way of accomplishing this without breaking Snapchat is to encrypt the data with PGP then hand it off to Snapchat to encrypt it with its own encryption scheme. This will make it easier to maintain, if any, for future updates of Snapchat. - Source
SnapShare can be modified (with the permission of the developer of course) to select any files <=1 MB and KeepChat's code can be used to store and decrypt the payload so much of the code already exists and is mostly just making a mashup of AGP, KeepChat, and SnapShare.
This whole concept is just steganography using Snapchat as the medium and method of delivery. Snapchat itself is fast, offers easy to use user interface, and already has a large enough audience. If this project picks up, maybe more people will become aware of the usefulness of PGP.
Hello,
So far, I had protected video and photo recordings with "Video Locker" or "Photo Locker" from the manufacturer "Handy Apps".
According to the description, it uses AES-128 encryption; in favor of performance, only the file header is encrypted instead of the entire file.
Then I found this report
-> (PDF) Breaking into the vault: Privacy, security and forensic analysis of Android vault applications
Weak points in various popular safe apps are shown here.
That sounded not dramatic and is certainly not easy to implement for the layman.
But now I have found a tool with which it is very easy to crack these encrypted files
-> GitHub: MatrikMoon / LockerBuster
"Video Locker" and "Photo Locker" use cheap XOR encryption. I was actually able to decrypt the files with the program in no time.
So now I've remove those apps from my Phone.
However, I still have Solid Explorer Pro, which also offers encryption.
The principle is probably similar - only the file header is encrypted, only here with AES-256.
But now the question is whether one can assume that such "header-only encryptions" are fundamentally insecure and easy to crack, or whether there is also "technology" that is secure.
What do you all mean?
I haven't found anything negative about Solid Explorer or a user who could be helped because the password was forgotten.
greetings from Germany