Samsung's site indicates the sgs2 has hardware encryption, but I can't find anything describing how to use it. Can anyone here offer any guidance or leads?
If anything it looks like the GS2 might be "Self Encrypting". Self Encrypting devices generate an internal random "key" when initialized and then use that to encrypt-and-store/decrypt-and-read data to/from the physical storage media (in the case of an HDD, a disk platter, in the case of an SSD or the Phone, Flash Chips).
You (the user) can't control the process, there's no way to specify the key or whether or not the encryption occurs. But if you were to disassemble the phone and remove the Flash chips, you wouldn't be able to (easily) extract data from those components.
If you password protect/lock you phone, if someone wanted to get data off the internal Flash chip(s), this prevents them from doing so. Accessing the data unencrypted would require the phone to be unlocked, first.
The external Flash doesn't have any capability to encrypt as far as I can tell, but if Sammy put an AES-certified encryption engine in to the phone's silicon, odds are there's a method to gain access to the HW, and applications could probably be written to take advantage of it for something like "external" storage...
I don't remember of voice traffic is encrypted or not. I suspect "not", at least not by default. But it's certainly possible Sammy included the feature for this purpose as well.
hchxoom said:
Samsung's site indicates the sgs2 has hardware encryption, but I can't find anything describing how to use it. Can anyone here offer any guidance or leads?
Click to expand...
Click to collapse
Seach the Dev forum for the Galaxy S 2 Hack Pack posted by AdamOutler - if there's any documentation on HW AES it'll be in the Exynos TRM.
I want to use my prime for work email however with our exchange policy it will not allow me to put on device security - no idea why.
Is there an alternative app I can use? If there is can I still use the asus widget? If not can I bypass this security? I have seen this has been done for ICS on the SIII so wonder if the same patch can be applied?
Thanks!
Hi everyone! This is my first post, but I have used the search tool already without success. I am just a user, not developer and quite noob regarding mobiles and security.
Situation
1. I've got hacked, total control (photos, emails, camera, contacts, whatsapp, screen etc) of my unrooted android phone (xiaomi redmi note 7).
It was a targetted attack, no manual app installed, no unsafe 3rd party apps allowed. Attackers only had my gmail account (linked to android) and telephone number. I know them personally, and they leaked personal information to people at work (who enjoy it between them but won't help me at all).
No high consumption of battery/data. Just leeching information, launching some apps eventually, and few interactions with the screen minimizing etc.
2. I Installed antimalware (e.g malwarebytes), antivirus (avg, esset etc). No positive results. I also installed "Noroot firewall" to control programs accessing internet, nothing strange.
3. I've changed emails(new), SIM + Telephone. Got hacked again. I suspect my own wifi was compromised.
Additionally, added 2 step verification to emails, changed passwords, encrypted the device etc. I have found no IP from them in the emails log, nor alert from gmail. Only once a session from Linux device (not mine). I believe they have accessed through the device.
4. I want to restore the device somehow and avoid getting hacked again.
One of the problems I face is taht that now I'm not in the same circle of people from which I gathered most of the info on the leaked information, so I can't get to know if the actions I am taking got rid of the hack, besides some punctual actions they may do (launch app etc). So I have to act quite paranoid and do the most secure action.
Question
1. Any idea on how they managed to do that? how can I prevent it or prove it? a reset would get rid of any proof, but I kinda prefer it if it is once and for all.
2. A hard reset only formats one partition (user data), so if there is a trojan located in /system it would be pointless. With an unrooted device I can only get rid of /cache and /data.
Should I install another ROM?(my phone has always been unrooted) which one? (restoring the stack ROM would probably be pointless if the vulnerability is due to android...
3. Is there any other measure I could take?
I'd appreciate any help.
Thank you!
I just switched from a pixel 3 XL to the v60.
I didn't need a work profile on my pixel. All my Gmail and drive apps worked with it.
Now that I have the v60, it forces me to make a work profile when I add my work email to drive or Gmail.
It makes it so I must use a screen lock. I just want to hit the power button to unlock. It blocks those options. In order to have 1 Gmail, 1 drive app, and disable screen lock, I have to delete the work profile, thus losing access to my work stuff.
Is there a way to have it like it was on my pixel? Just one app, and not be blocked from disabling screen lock?
TIA
As somebody on the IT team, I would wipe and blacklist your phone if I find out you're trying circumvent our security measures, and you wouldn't be the first. (When you log in to the portal, it tells us every single device that are out of compliance, so it doesn't even take serious effort to find out.) Then we would report what you did and how we responded to our c level exec.
But hey, that's just me protecting my company from security risks like you. You do you
jd254 said:
As somebody on the IT team, I would wipe and blacklist your phone if I find out you're trying circumvent our security measures, and you wouldn't be the first. (When you log in to the portal, it tells us every single device that are out of compliance, so it doesn't even take serious effort to find out.) Then we would report what you did and how we responded to our c level exec.
But hey, that's just me protecting my company from security risks like you. You do you
Click to expand...
Click to collapse
That's not how it works at all. IT admin has the ability to wipe the device if a separate work profile is not installed. A separate work profile prevents the user's personal data from being wiped.
OP- I'm the admin at my company, and I don't enforce a work profile for this reason, it's wonky and works like **** since inception. I came here hoping to see a workaround but it looks like that's a fail. This thing is getting traded as soon as T-Mobile gets a comparable replacement.
idefiler6 said:
OP- I'm the admin at my company, and I don't enforce a work profile for this reason, it's wonky and works like **** since inception. I came here hoping to see a workaround but it looks like that's a fail. This thing is getting traded as soon as T-Mobile gets a comparable replacement.
Click to expand...
Click to collapse
I was discussing this with someone on another forum the other day, and it sounds like this is tied to g-suite. I don't know all the ins and outs of it (I don't need a work profile for my job), but it sounds like companies can set up a bring your own device policy in g-suite for your company email address. When you log that email address on to your phone, Google detects it and forces you to set up the work profile. From my understanding, this is a Google issue/feature, not LG's doing. I wouldn't be surprised if you had the same problem on other phones when adding your corporate email address.
Mr_Mooncatt said:
I was discussing this with someone on another forum the other day, and it sounds like this is tied to g-suite. I don't know all the ins and outs of it (I don't need a work profile for my job), but it sounds like companies can set up a bring your own device policy in g-suite for your company email address. When you log that email address on to your phone, Google detects it and forces you to set up the work profile. From my understanding, this is a Google issue/feature, not LG's doing. I wouldn't be surprised if you had the same problem on other phones when adding your corporate email address.
Click to expand...
Click to collapse
Actually I have work profiles set for opt-in only. When I had this happen yesterday, I checked the admin panel of our gsuite account.
Funny thing is, I returned my v60 and reactivated my wiped OP8, and it now requires a work profile too.
This leads me to believe it's not enforced by gsuite, but by android in some recent update. I didn't need a work profile on this same phone yesterday, but had the account logged in since I had the phone so it must have grandfathered it in somehow until I factory reset it.
Kind of sucks that I can't combine calendar widgets and whatnot but I guess I'll deal with it since I have no choice....as the admin even lmao.
idefiler6 said:
Actually I have work profiles set for opt-in only. When I had this happen yesterday, I checked the admin panel of our gsuite account.
Funny thing is, I returned my v60 and reactivated my wiped OP8, and it now requires a work profile too.
This leads me to believe it's not enforced by gsuite, but by android in some recent update. I didn't need a work profile on this same phone yesterday, but had the account logged in since I had the phone so it must have grandfathered it in somehow until I factory reset it.
Kind of sucks that I can't combine calendar widgets and whatnot but I guess I'll deal with it since I have no choice....as the admin even lmao.
Click to expand...
Click to collapse
I can understand the frustration, but this sort of functionality makes sense to me. Keeping the work profile sandboxed protects corporate info.
Mr_Mooncatt said:
I can understand the frustration, but this sort of functionality makes sense to me. Keeping the work profile sandboxed protects corporate info.
Click to expand...
Click to collapse
Again, that's not the case. Device Policy protects corporate info. That's enforced with or without the work profile. The work profile protects personal info from being erased in the case of separation from the company.
I am having this exact problem with my new LG Velvet... my pixel 2XL and pixel 3a had no problem. I am also the company owner/admin/janitor/sales assistant.... switching profiles to check my six email accounts is a giant pain. Sooooo Aside from the, not helpful, justification for this supposed new " feature" does anyone have any suggestions?
I have asked my company about this. They have not set anything like this up. So, it's not on their side. I have no info that private. So it's automatic. Something on LGs side. Maybe this thread will get some attention. Hoping for a fix.
Mr_Mooncatt said:
I was discussing this with someone on another forum the other day, and it sounds like this is tied to g-suite. I don't know all the ins and outs of it (I don't need a work profile for my job), but it sounds like companies can set up a bring your own device policy in g-suite for your company email address. When you log that email address on to your phone, Google detects it and forces you to set up the work profile. From my understanding, this is a Google issue/feature, not LG's doing. I wouldn't be surprised if you had the same problem on other phones when adding your corporate email address.
Click to expand...
Click to collapse
I agree it's a Gsuite thing... I tried opt-in and then I completely disabled work profiles in my gsuite admin and waited the recommended 24 hours. I have also factory reset the phone AFTER said changes. I added my primary (personal) Gmail no issue but as soon as I added the gsuite one I'm back in the same "Google Play services requires account action" loop. when I click on that it wants to add a work profile.
God67 said:
I agree it's a Gsuite thing... I tried opt-in and then I completely disabled work profiles in my gsuite admin and waited the recommended 24 hours. I have also factory reset the phone AFTER said changes. I added my primary (personal) Gmail no issue but as soon as I added the gsuite one I'm back in the same "Google Play services requires account action" loop. when I click on that it wants to add a work profile.
Click to expand...
Click to collapse
I don't think it's g suite. Bc my pixel did not do this.
This work profiles thing is such a garbage solution to the problem. Google is shooting themselves in the Android foot by doing this. Seriously? BYOD means using multiple email apps and multiple calendar widgets and me buying an iPhone? Seems to be the simplest solution. Thanks.
any day google can increase the security more and more... i think even if you get it working this time, it might not last long. its a huge pain and now i just access work emails via mobile browsers and i believe Firefox beta can load office365 and gsuit apps or most of them.
Not sure where I am going wrong here.
Had my phone just fine using some variant of PE9. I like to have both my work and personal profiles 'merged' on the device so that I can select between them using the profile image top right in google apps. Also merging personal and private contact lists which I keep separated. I have a vague memory a long time back when setting up the phone or adding the work account there was a question similar to 'is this your device or supplied by your organisation' and when you said it was yours you could refuse a work profile ?? I should also point out I am the organisation admin and can change any organisation wide settings for the device policy etc for the work / org profile.
Did a reset (to the PE9 IIRC ROM), and it demanded I encrypt the partition, did so, added my personal profile but adding the work profile demanded I again encrypt.. This also came with the annoying PIN on boot. I have since updated TWRP and did a full reset and think this has gone but mentioning it. This resulted in the outcome or a work profile and a personal profile and an inability to 'in app switch' them. This is the result I dont want.
I have since done an update to PE10 Plus (same outcome) and a factory reset trying multiple ways (personal account first, corp account first) and none of them result in the setup I desire.
I dont know if this is a PE issue, an Android Q issue, a corporate device policy setting I need to change, or an on device setting.
Whatever it is its annoying the hell out of me.
Any ideas ??