Someone mentioned this in another thread, but this is a topic that should have its own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes Cellebrite would just crap out not knowing what to do with your phone. Same possibly with Meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same OS let alone a different OS like true Linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a separate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a separate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so there's nothing to recover, as I don't believe the factory reset is a secure wipe.
Possibly a voice-activated secret phrase or keypress you could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to the device after a secure superwipe; that should stump them for a while.
I'm still interested in this. I disabled USB debugging on my phone but am unsure if the UFED can still access anything on my ICS fully encrypted, passworded Evo 3D. I'm assuming they could dump the data at most, but I highly doubt they could access the decrypted data unless you used an insecure pass.
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access an encrypted data partition? I know it can take an image of the phone "hard drive". They then can run password tools against the image to unlock it, no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access an encrypted data partition? I know it can take an image of the phone "hard drive". They then can run password tools against the image to unlock it, no?
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
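Added example, not part of any post in this thread: the sketch below illustrates the point made in the replies above, that once an encrypted partition has been copied, its resistance to offline guessing depends on the keyspace of the unlock secret. The salt, the 2000-iteration PBKDF2-HMAC-SHA1 work factor, the verifier construction and all function names are assumptions chosen for illustration, and the PIN is constructed sample data.

```python
import hashlib
import hmac
import time

# Constructed sample values; nothing here comes from a real device.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 2000  # assumed work factor, for illustration only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(secret, iterations=ITERATIONS):
    """Stretch the unlock secret into a 128-bit key-encryption key."""
    return hashlib.pbkdf2_hmac("sha1", secret.encode(), SALT, iterations, dklen=16)


def make_verifier(secret, iterations=ITERATIONS):
    """Stand-in for 'does this key unlock the copied image': a MAC under the key."""
    key = derive_key(secret, iterations)
    return hmac.new(key, b"known-header", hashlib.sha256).digest()


def keyspace(alphabet_size, min_len, max_len):
    """Number of possible secrets of length min_len..max_len over an alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def measure_guess_rate(samples=50, iterations=ITERATIONS):
    """Key derivations per second on this machine (a lower bound on real tooling)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key("probe%d" % i, iterations)
    return samples / (time.perf_counter() - start)


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every secret in the keyspace, in years."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def four_digit_pins():
    return ("%04d" % n for n in range(10000))


def exhaustive_search(verifier, candidates, iterations=ITERATIONS):
    """Try each candidate against the verifier; return (secret or None, tries)."""
    tried = 0
    for guess in candidates:
        tried += 1
        if hmac.compare_digest(make_verifier(guess, iterations), verifier):
            return guess, tried
    return None, tried


if __name__ == "__main__":
    rate = measure_guess_rate()
    print("measured rate: %.0f guesses/s" % rate)
    choices = [
        ("4-digit PIN", keyspace(10, 4, 4)),
        ("6-digit PIN", keyspace(10, 6, 6)),
        ("8 lowercase letters", keyspace(26, 8, 8)),
        ("10 mixed-case alphanumerics", keyspace(62, 10, 10)),
    ]
    for label, space in choices:
        print("%-28s %.3g secrets, %.3g years to exhaust"
              % (label, space, years_to_exhaust(space, rate)))

    # Constructed PIN: the whole 4-digit space is small enough to walk through.
    found, tried = exhaustive_search(make_verifier("0420"), four_digit_pins())
    print("4-digit PIN recovered as %s after %d guesses" % (found, tried))
```

The measured rate is for one interpreter on one CPU core, so the printed times are upper bounds; the ordering between the choices is what matters when picking an unlock secret.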
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellebrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iPhone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellebrite copy.
Now, couple things here, he was only doing what he was "allowed" to do in the local municipality, and he did say they sell a more expensive Cellebrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellebrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later
Hello to you all people of XDA, firstly I must state that I've scoured the forums far and wide and have yet to find some valuable info regarding my problem.
So what we're doing is developing (or trying to, as is obvious from this post) a custom rom for the Galaxy S2 which would be used for a single medical application for sensor tracking and the processing and displaying of said data on the SGS2, while at the same time sending it to his/her doctor.
What we need to be able to achieve with this rom is to put it into the hands of the end-user (a chronical patient which will in turn be able to stay at home instead of being hospitalized) and be able to completely lock down the phone for his use (I know, it sounds terrible) so that he loses the phone/sms/games/youtube/internet functionality as we need the phone to run as stable and for as long as possible without any additional battery stress (the constant sending, processing and processing of data seems enough of a problem for now).
I've searched into some custom roms but we eventually came up with the need for a stock Samsung rom which could be modified as we want to.
See this is where the problem begins, we can't seem to get the phone rooted, the ROM customized and then unrooted again so that the phone can't be fiddled with anymore, except when it's completely dead and we need to fix it.
So to cap it all up:
It needs to allow for a custom load and bootscreen (I almost got this to work)
It needs to be completely locked down for the end user.
It has to have full BT, NFC and WiFi functionality
It has to be able to call out and receive calls, but only to/from specific numbers (911, doctor, etc..)
It has to basically allow for 2-3 programs to be running, while the others simply don't exist on the phone.
I am terribly sorry if anything like this has been asked about before, I swear I put 2 days of me life into researching already.
Any help, any help at all, ideas and solutions, but mostly links are welcome.
Thank you and good day to all.
Just a detail, but the SGS2 doesn't have the NFC functionality. Project seems to be possible, I would look into CyanogenMod sources if I was you.
Sent from my GT-I9100 using XDA App
Why are you afraid of leaving the phone rooted and in hands of the patient?
Is he so uncritical that he can search the web and find means of unrooting a mobile phone and then get around to actually doing it?
LucLucLuc said:
Hello to you all people of XDA, firstly I must state that I've scoured the forums far and wide and have yet to find some valuable info regarding my problem.
So what we're doing is developing (or trying to, as is obvious from this post) a custom rom for the Galaxy S2 which would be used for a single medical application for sensor tracking and the processing and displaying of said data on the SGS2, while at the same time sending it to his/her doctor.
What we need to be able to achieve with this rom is to put it into the hands of the end-user (a chronical patient which will in turn be able to stay at home instead of being hospitalized) and be able to completely lock down the phone for his use (I know, it sounds terrible) so that he loses the phone/sms/games/youtube/internet functionality as we need the phone to run as stable and for as long as possible without any additional battery stress (the constant sending, processing and processing of data seems enough of a problem for now).
I've searched into some custom roms but we eventually came up with the need for a stock Samsung rom which could be modified as we want to.
See this is where the problem begins, we can't seem to get the phone rooted, the ROM customized and then unrooted again so that the phone can't be fiddled with anymore, except when it's completely dead and we need to fix it.
So to cap it all up:
It needs to allow for a custom load and bootscreen (I almost got this to work)
It needs to be completely locked down for the end user.
It has to have full BT, NFC and WiFi functionality
It has to be able to call out and receive calls, but only to/from specific numbers (911, doctor, etc..)
It has to basically allow for 2-3 programs to be running, while the others simply don't exist on the phone.
I am terribly sorry if anything like this has been asked about before, I swear I put 2 days of me life into researching already.
Any help, any help at all, ideas and solutions, but mostly links are welcome.
Thank you and good day to all.
Block all internet access apart from ones you want, or you can just set up iptables rules; shouldn't need root apart from when setting it up
As far as removing programs, just delete the apks from the zip, or before you remove root. My sig has a list of all apks in an up-to-date ROM and what they do.
You can use gemini app manager to control autoruns (stop them etc) also to block (hide and disable apps)
As far as removing root, your best bet is to, once you are done, use adb (from the Android SDK) to remove the superuser.apk then flash the stock kernel back; as far as I know without superuser, apps can't gain root permissions.
OR
This app will allow you to block any app behind a password
This app will block incoming and outgoing sms and calls on white and blacklists
Custom boot logo (the first screen before the animation)
Custom boot animation need to go into system/media, I am not sure about the format but there are loads around, like this thread has loads, stock kernel should support them.
I hope that helps
Most of that is easily possible.
If you listed the apps needing removed, the apk files just need deleted.
To control calls, you can use a third party app from market for that.
It's possible to have the custom rom unrooted, and easily flashed, regardless of how badly the phone gets rooted
Boot animation is easy anyway... If you can provide it in a zip like other ones (zip containing numbered png's) then it's a piece of cake.
A little bit of clever firewall stuff would prevent any web traffic, in or out, except to your defined server, which is obviously a concern when a phone is handling sensitive medical info.
genieass said:
Why are you afraid of leaving the phone rooted and in hands of the patient?
The phones are going to be used by around 500.000 people in a year, it's not that we want to take anything away from the user, it's more about not having any problems with the firmware - like ever.
Thanks for all the help!
LucLucLuc, not sure where you live, but you're entering the patient confidentiality minefield with big, big boots.
Apart from the legal considerations, your question is definitely OS related and not device related.
I see what you want, but legally - where I live anyway - it's too much of a grey area to get involved with.
I use call recording a lot for referrals and info from other doctors, but I've always asked the other party if they're OK with it. I won't record patient conversations, and I won't accept any files whatsoever that have seen RIS or PACS first - not worth it.
Can't see it's worth your while, but I'd appreciate it if you keep me informed should you decide to work on it.
Big boots indeed
We are from Slovenia, Europe.
I'm actually just a student doing the research and some basic Android programming, thank god I wasn't let into the bigger of the projects
But yes, this project is a collaboration of several European firms and you can read more about it at chiron-project.eu - it's a very very interesting project afaic.
I don't think we'll be swimming with lawyer piranhas soon though, the project uses sensor data (which sorta is a privacy issue) which will be monitored on a tablet running Android (currently testing the Galaxy tab 10.1 - we were lucky to order one before Steve had another one of his fits), processed in real time and then stored on the central server, from where it will only be accessible by the patient's doctor.
Patient consents are dealt with before we even start talking about mobile hospitalizations.
It's very encouraging to see some actual interest, if anyone wants to know more about anything related to this project contact me at [email protected]
Thanks again for all the help.
I know many developers say.. why should I develop a great file explorer I can't root....
but I think some developer has great ideas to root it, and I think WP8 is perfect with a great file explorer that can
- Look up files on SD card and devices
- Extract and pack *.zip files
- Send files per Bluetooth
- Make a file share for LAN!!! -> share it on local network
- Support a Windows local network share in a LAN to connect to computer and otherwise
- Mark up files and folders, Copy / Paste / Cut
as how Total Commander or Windows Explorer look
root can be able if one developer release a root and if it is not available share the files that unroot available
note: a developer becomes a root certification to root the device as developer ...
Easy for you to say, impossible for us to do.
Step by Step ???
or is it technically a problem to show files from basic files like music / photos / documents / videos and SD data? a tool that shows it, is this possible?
mcosmin222 said:
Easy for you to say, impossible for us to do.
It is impossible. Don't think we didn't think about it. The system simply does not allow third parties to check on the file system.
Rooting seems impossible right now too.
some infos
Rooting seems impossible right now too.
http://forum.xda-developers.com/showthread.php?t=2268765
http://forum.xda-developers.com/showthread.php?t=1966327
http://forum.xda-developers.com/showthread.php?t=1934388
allesand said:
Rooting seems impossible right now too.
We still don't have any solutions yet... Don't bank on rooting being possible yet. The article about the root certificate shows SOME promise, but doesn't make anything possible. Even though WinRT and WP8 run a similar kernel, there are some differences to the certificates. All we can do right now is wait.
snickler said:
We still don't have any solutions yet... Don't bank on rooting being possible yet. The article about the root certificate shows SOME promise, but doesn't make anything possible. Even though WinRT and WP8 run a similar kernel, there are some differences to the certificates. All we can do right now is wait.
http://dotnet.dzone.com/articles/building-file-picker-windows
i said step by step xD what is this??
allesand said:
http://dotnet.dzone.com/articles/building-file-picker-windows
i said step by step xD what is this??
this is an article about reading from the SD Card. Yes, that is possible but it means nothing to getting root access right now. You still canNOT read from outside of the Documents, Music, Pictures folders and the isolated storage of the local app you are trying to read. As long as you can't touch the System partition, you won't be able to do anything. So we are back at square one mate
snickler said:
this is an article about reading from the SD Card. Yes, that is possible but it means nothing to getting root access right now. You still canNOT read from outside of the Documents, Music, Pictures folders and the isolated storage of the local app you are trying to read. As long as you can't touch the System partition, you won't be able to do anything. So we are back at square one mate
but a file manager that reads documents, photos and SD card is missing, as similar as a version that has root access
I'm missing USB tethering on phone
Microsoft decided that phone apps should not be able to read most common file formats. We can't even read a god forsaken XML file from SD cards.
mcosmin222 said:
Microsoft decided that phone apps should not be able to read most common file formats. We can't even read a god forsaken XML file from SD cards.
we must hack it is bad without ..................
allesand said:
but a file manager that reads documents, photos and SD card is missing, as similar as a version that has root access
I'm missing USB tethering on phone
You truly are NOT getting the point are you... lol.
We are stuck at waiting until someone with experience can potentially find the smallest fluke to exploit. As it's looking right now, Microsoft put the epic lock & chain on WP8.
I am pretty sure they will make it possible eventually, just the way they did in WinRT. The kernels are not yet fully unified yet.
Hopefully.
mcosmin222 said:
I am pretty sure they will make it possible eventually, just the way they did in WinRT. The kernels are not yet fully unified yet.
it is a basic function of Windows that has made Windows big and then they stopped it, very bad
They didn't just leave it out, they left it out for a reason. The file system is a huge security vulnerability. They probably made it a priority to get it working on RT first then WP.
mcosmin222 said:
They didn't just leave it out, they left it out for a reason. The file system is a huge security vulnerability. They probably made it a priority to get it working on RT first then WP.
I hope you are right
isn't it NTFS?=== but the source Settings -> Mobilephone Memory can read it
The operating system is clearly not malware.
Yeah... security is about preventing unauthorized actions. If I'm explicitly authorizing an app to access my filesystem (hell, make it a popup message box confirmation, like for apps that use the GPS), it's because I want the app to access the goddamn filesystem.
WRT at least still has Explorer and CMD and Powershell and such... WP8 lockdown is not about "security" in the proper sense, it's about control. The average user doesn't know enough about security to make good decisions there, but Android's popularity has only increased as it has gotten easier to root the devices. Meanwhile, iPhones (which are also all about control, and it's not in the hands of the user) are in a relative decline (marketshare, not absolute numbers) and have lost nearly all their first-mover advantage in the "modern" smartphone wave. Microsoft never had that advantage (they squandered what they had with WinMo and were late to the current wave) and their control-freak-ism is directly hurting them (as a random example, VPN apps were possible on Android even before there was an official VPN API; you just needed root).
A lot of developers have expressed their need to use the file system. I am sure Microsoft will eventually allow it.
So I actually work on a campus and just got pulled off the network on my phone.
It looks like I got something nasty on the phone that is acting like a port sniffer and reporting back to a server.
I got pulled off the net because my phone was basically scanning any/all computers/servers/devices on the campus net and sending out thousands of requests and packets and looking for open ports.
So apparently virus / malware / hacking on Android phones is real and does happen.
I was also getting app crashes and reboots for about 2-3 days leading up to this.
I hit a few websites that detected I was on a phone days back and were triggering auto-downloads of apk files. I didn't want nor did I ask for apks, nor was I trying to download any files of any type at the time.. I made sure to use a file explorer and delete them all, but something somehow must have gotten in there.
Anyone know any worthwhile apps for combating such? I hear some people use Avast, but again it seems most people just say there are no viruses for phones, but now that I see that isn't true I want to find something that actually works.. if there is something that is lol.
Hi guys, I was just thinking if my PC , from which i read emails sent for my gmail account which is the same account I have on my Android device , gets hacked one day, and the hacker also has some virus app hidden at Play Store, if he could remotely keep installing this virus app at my Android device perpetually , even if I format my device .
Gmail is pretty bullet proof as long as you don't bring in downloads. What's kept in the cloud, stays in the cloud.
Never in over 12 years had a virus infect either Android or Window device via Gmail. Which is why I use it.
Most infections are downloaded or installed by the user including those nasty jpegs and pngs. Had one recently that destroyed files in my downloads folder but never got beyond that.
Perhaps because I discovered it within minutes and was able to isolate it, i.e. delete it.
Simply changing your password after the Android reload would defeat the hacker anyway. Right?
For real paranoia there are viruses that can allegedly escape a reload purge by hiding in what should be immutable areas of the internal memory. Presumably only a firmware reflash could eradicate them.
The SD card is another hiding place...
Keep at least 2 hdd backups of it that are physically and electronically isolated from each other. Enforce this isolation if there is the slightest sign of malware until it's eliminated.
Losing your head with an infected device can destroy your whole data base... got to keep them separated.
It may get one, even two devices but not the isolated hdds unless you screw up bad.
Tks for the reply and for the hints
The reason for my thread was that I got at my new tablet, an adware which would pop up the Google Play Store with the app IQ Option ( a Forex app , from IQ Option ) . The IQ option "pop up" started after installing Netflix , Amazon Prime and... a paid calculator app called Calculator Infinity from Inception Mobile.
I already contacted Samsung, which asked me to take the tablet to the repair service. I contacted Google, which asked me to take numerous steps which didn't prove successful, including formatting the device.... It has stopped after 2 months, not sure why ( Android update??? Banishment of IQ Option Forex of Brazil due to law transgressions??) . I don't think it was the law enforcement since I saw some cases reporting this virus at other forums after the banishment of IQ Option... Due to the pandemic, I didn't take the tablet yet to service repair. Planning to do it in March. But I would like some more advice... Don't want to migrate in the future to iOS because of this.
P.S: I've already flagged the app at the Google Play Store, but I'm afraid I'm pointing at the wrong culprit... Nothing happened, so maybe Google didn't find anything...
If you reloaded the OS that should be the end of it unless you installed it after the reload or it's in your data that you added after the reload.
It may not be the app(s) you suspect...
Scan with Malwarebytes.
That's the question, it was a new tablet. I installed only Netflix, Amazon Prime and when I put this calculator app, the problem started. As soon as the problem started, I ran the antivirus that comes with the Samsung tablet ( McAfee ), and nothing was detected. I later installed Avast, nothing was detected, then AVG, nothing was detected again, but the problem continued for 2 months.
@malandrex
Forget all the mentioned scanners and comparable ones: they all are absolutely useless on Android. These scanners all exist for one purpose only: to pull money out of the pocket of fearful Android users like John Doe / Jane Doe
Take note that the latest Android versions by default come with the AVB ( read: Android Verified Boot ) feature, which prevents any changes from being made to Android's system - of course unless this feature gets disabled by the user ( which is a bit complicated because the user must know how to modify the device's bootloader ).
Knowing this you must not fear Android's system gets infected, IMO.
jwoegerbauer said:
@malandrex
Forget all the mentioned scanners and comparable ones: they all are absolutely useless on Android. These scanners all exist for one purpose only: to pull money out of the pocket of fearful Android users like John Doe / Jane Doe
Take note that the latest Android versions by default come with the AVB ( read: Android Verified Boot ) feature, which prevents any changes from being made to Android's system - of course unless this feature gets disabled by the user ( which is a bit complicated because the user must know how to modify the device's bootloader ).
Knowing this you must not fear Android's system gets infected, IMO.
So what does explain the autonomous opening of Google Play at the app IQ Option on my new Galaxy Tab S6, which was acquired at the beginning of 2020? This behavior lasted from February to April and resisted, during this period, numerous factory resets. Was it caused by an adware installed by the calculator app?? Was an app remotely installed from a PC virus that used the same Google account of the tablet? Or was it something else?