This actually applies to most HTC handsets, heck, maybe most phones, but this is the Dream forum and I wanted to talk about the Dream (since I own one). I actually had realized this the day I first rooted my phone, but it had been on the back of my mind until today when I ported MCR 2.6 for the Dream and saw the laughable WaveSecure app. I then thought about posting this general warning for Dream users and hopefully we can brainstorm and bring this big security hole to an end.
WaveSecure is an app that runs as a high priority process in your phone and it can do silly things such as disallow the usage of the device or access to the data on it by placing a locking screen on your phone. To enable your phone back, you enter a pin. Does that sound familiar? Of course, your phone already has a lockscreen. The app also has a few backup and restore features, but nothing that hasn't been done before. Probably the only worthwhile feature is the ability to lock your phone remotely (but then the lockscreen was already active anyway).
Our rooted phones are different than stock ones, though. If you lose your phone and a knowledgeable person gets a hold of it, all they have to do is reset the phone, hold Home and Red, and voila, they have access to ALL your personal data inside your phone. I'm not only talking about the SDCard here, because accessing that data is so stupidly simple, but your phone writes enormous amounts of personal data to /data. There you can find account logins for all your installed apps, contacts info, you can find browser cache info and if you do your banking on your phone's Browser and have cookies set, well, they're all there. I've looked through several of the files in /data and most things there are dumped in human readable format, so a crook wouldn't even have to try very hard. I found my home's wifi hidden SSID AND 22 character length alphanumerical WPA2 encryption key in a file, and both were labeled as such.
One solution I see is easy, modify recovery to give you an option to prompt for password on start. But there's still the fact that, with the device on, we can still adb remount and then adb pull /data, so the adb binary would also have to be re-written for this purpose.
There's still yet another problem, though. Fastboot... Most of us are running a flavor of an Engineering SPL (either Death SPL or Hard SPL), and even if we block /recovery and /system, a crook can still fastboot flash boot and fastboot flash system and with a minimal booting image (no android runtime, only enough in /bin to boot a linux system) he can still get adb pull /data access.
That's where I'm at a loss, though. How do we patch SPL to prevent unauthorized usage? Are there any other security gaps I might have missed?
Comment, discuss, develop.
I'm confused. Wiping clears out the /data partition. Where are you getting all this data from post-wipe?
And that's exactly why I carry my important data safely with me. Wipe clears out the /data partition as much as "Emptying the Recycle Bin" erases deleted data in Windows.... meaning, it's still there. Although flash memory is better at deleting data, it can still be easily recovered, but then again, how are you supposed to wipe if you don't have the phone with you. I didn't see anything about remote wipe. Also, any person with two neurons firing would think right away about removing the battery and SIM before attempting anything.
Also, so let's say a wipe did clear /data entirely and you were able to remotely wipe EVERY SINGLE TIME the phone was lost or stolen (I once went a week without realizing I had lost my phone, paying that kind of bill and talking to Customer Service for hours on end is no fun), it still doesn't mean that the security gaps are not there. I still think they should be fixed, even if to foil people not interested in the data at all but on using the phone for their own. Don't you hate it when people find phones on the street, and instead of trying to return it they take it to their nearest mom & pop phone shop and have it unlocked, etc?
Oh, I see what you meant XD. Edited my post.
I've noticed this too, but the safest way to secure it is to have android encrypt the files as they are put on the data partition. Even then, that data is still unsecure. We should file an issue with the google code page for android and have them worry about it
Well, this has actually been considered...
For 'droid 1.6: From the home screen, Menu --> Settings --> Security --> "Use secure credentials". It is, of course, up to the application to make use of secure credentials. This is something that you should question the developers of secure applications about.
Other times, you may note that applications like "Password safe" will password protect and encrypt their data sets.
So it is definitely up to you to ensure that the applications that you use are written with security in mind.
Now for your home wifi password... does that really matter that much? They have to actually be IN (or very near to) your home to make use of it.
B-man007 said:
I've noticed this too, but the safest way to secure it is to have android encrypt the files as they are put on the data partition. Even then, that data is still unsecure. We should file an issue with the google code page for android and have them worry about it
No device can be more secure than being encrypted (assuming use of strong encryption). There is most definitely NO WAY EXCEPT encryption to secure your data.
I guarantee that EVEN WITH a no-root recovery partition and a no-fastboot bootloader that enforces system image signatures, that the data on the device *CAN STILL* be read off it.
It is definitely impossible to secure these devices against being read through something like jtag. And if it is read through jtag, the only thing that can possibly protect your data is encryption.
Is it possible to do a complete wipe of the device? I know it's not permanent, but I figure if I quit banking online after I wipe the phone then I am no longer susceptible to that form of theft.
I bet this is making some people that sold their rooted G1's nervous right now lol
This is the same issue BlackBerry users have; even with a remote wipe, there was concern that data can still be retrieved. That's also why the Secret Service is so concerned about the president having and using one daily; if it's ever lost or stolen... well, you know...
So rooted or not, Android is not the only platform with this issue.
I would like to address this
"Don't you hate it when people find phones on the street, and instead of trying to return it they take it to their nearest mom & pop phone shop and have it unlocked, etc?"
Did you know if you called any cellphone carrier that you have and told them your phone was lost/stolen they will put the IMEI or ESN on the lost/stolen list, and then it can no longer be active on their network and from what I hear any other networks.
card13 said:
I would like to address this
"Don't you hate it when people find phones on the street, and instead of trying to return it they take it to their nearest mom & pop phone shop and have it unlocked, etc?"
Did you know if you called any cellphone carrier that you have and told them your phone was lost/stolen they will put the IMEI or ESN on the lost/stolen list, and then it can no longer be active on their network and from what I hear any other networks.
Depends on where you are, here in Canada, if it gets blacklisted by Rogers, it will still work on Fido (which happens to be owned by rogers).
There is also the possibility of rewriting the IMEI. Not exactly a major difficulty.
I have an idea. Since that, if someone gets hold of your phone physically, there's no way that he/she will be restricted from accessing the data, unless it's encrypted properly.
Therefore, to enhance the security, the data (or at least, /data) should be encrypted all time. I'm not familiar with Linux so I have no idea if it's doable or not, but that's a start.
That way, even if someone gets hold of your phone, and flash/hack/cheat all kinds of things, fastboot, recovery, adb... He/she will still be unable to access your data.
To do this, the bootloader (or the init script?) needs to implement a way to unlock the data.
To further increase the security, remote shutdown and wipe should be implemented as well.
Remote lock will NOT work because, while a phone is locked, it means it's running, and the data is already unencrypted at that point, and while I don't have much knowledge in hacking. I think a serious-enough person can hack the phone and get the data.
Of course, this still doesn't solve the problem that, if you, or your family member, is being held at gunpoint.
Just my 2 cents.
1) No changes to bootloader. Bootloader is not relevant to encrypted /data. The changes would be to add in the appropriate encryption scheme to the kernel. Also, to mount the /data partition using the selected encryption method, and to prompt at the appropriate time (mount time) for password. This would be DURING BOOT.
2) The reason you don't want to do this is that d/encryption eats CPU and memory.
bug666 said:
I have an idea. Since that, if someone gets hold of your phone physically, there's no way that he/she will be restricted from accessing the data, unless it's encrypted properly.
Therefore, to enhance the security, the data (or at least, /data) should be encrypted all time. I'm not familiar with Linux so I have no idea if it's doable or not, but that's a start.
That way, even if someone gets hold of your phone, and flash/hack/cheat all kinds of things, fastboot, recovery, adb... He/she will still be unable to access your data.
To do this, the bootloader (or the init script?) needs to implement a way to unlock the data.
To further increase the security, remote shutdown and wipe should be implemented as well.
Remote lock will NOT work because, while a phone is locked, it means it's running, and the data is already unencrypted at that point, and while I don't have much knowledge in hacking. I think a serious-enough person can hack the phone and get the data.
Of course, this still doesn't solve the problem that, if you, or your family member, is being held at gunpoint.
Just my 2 cents.
lbcoder said:
1) No changes to bootloader. Bootloader is not relevant to encrypted /data. The changes would be to add in the appropriate encryption scheme to the kernel. Also, to mount the /data partition using the selected encryption method, and to prompt at the appropriate time (mount time) for password. This would be DURING BOOT.
So that's the init scripts?
lbcoder said:
2) The reason you don't want to do this is that d/encryption eats CPU and memory.
And battery, may I add?
To what extent is the question, I don't think it's a must-have feature for everybody, but think some may be willing to put up with the trade off...?
bug666 said:
So that's the init scripts?
Mainly kernel, but yes, some adjustment would have to be made to the init.
bug666 said:
And battery, may I add?
Certainly. Anything that eats CPU eats battery.
bug666 said:
To what extent is the question, I don't think it's a must-have feature for everybody, but think some may be willing to put up with the trade off...?
A better implementation would be to encrypt *some* data, i.e. application home directories, but specifically NOT the ~/lib directory. Because really, do you CARE if your APK's or dalvik cache are encrypted or not? This would minimize the performance impact (to negligible) while providing the desired data security.
Also, encryption on a per-application basis would allow this to be done withOUT having to pause bootup to ask for a password... it could be done more intelligently on first-access-attempt.
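A sketch of the per-application scheme lbcoder describes above (encrypt an app's home directory but not its lib directory, and ask for the password on first access rather than at boot), added here as an example and not code from the thread or from Android. The `AppVault` class, the directory layout and the sample file contents are constructed for illustration, and the HMAC-SHA256 keystream is a standard-library stand-in for a real cipher such as AES.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path
SKIP_DIRS = {"lib"}   # left in the clear, as the post suggests for ~/lib
ITERATIONS = 200_000  # PBKDF2 work factor (assumed value)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stdlib stand-in for AES-CTR: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class AppVault:
    """Encrypts one app's home directory; asks for the password on first access only."""

    def __init__(self, app_dir, ask_password):
        self.app_dir = Path(app_dir)
        self.ask_password = ask_password  # callback standing in for a UI prompt
        self.prompts = 0                  # how many times the user was asked
        self._keys = None                 # (enc_key, mac_key) once unlocked

    def _unlock(self):
        if self._keys is None:
            salt_file = self.app_dir / ".vault_salt"
            if not salt_file.exists():
                salt_file.write_bytes(os.urandom(16))
            self.prompts += 1
            master = hashlib.pbkdf2_hmac("sha256", self.ask_password().encode(),
                                         salt_file.read_bytes(), ITERATIONS)
            # Separate keys for encryption and authentication.
            self._keys = tuple(hmac.new(master, label, hashlib.sha256).digest()
                               for label in (b"enc", b"mac"))
        return self._keys

    def _tag(self, mac_key, rel, nonce, ct):
        # Binding the relative path stops ciphertexts being swapped between files.
        return hmac.new(mac_key, rel.encode() + b"\0" + nonce + ct, hashlib.sha256).digest()

    def lock(self):
        """Encrypt every plaintext file outside SKIP_DIRS; return their relative paths."""
        enc_key, mac_key = self._unlock()
        done = []
        for path in sorted(self.app_dir.rglob("*")):
            rel = path.relative_to(self.app_dir)
            if (not path.is_file() or rel.parts[0] in SKIP_DIRS
                    or path.suffix == ".enc" or path.name == ".vault_salt"):
                continue
            nonce = os.urandom(16)
            ct = keystream_xor(enc_key, nonce, path.read_bytes())
            blob = nonce + ct + self._tag(mac_key, rel.as_posix(), nonce, ct)
            path.with_name(path.name + ".enc").write_bytes(blob)
            path.unlink()
            done.append(rel.as_posix())
        return done

    def read(self, rel: str) -> bytes:
        """Decrypt one file; the password prompt happens here if not yet unlocked."""
        enc_key, mac_key = self._unlock()
        blob = (self.app_dir / (rel + ".enc")).read_bytes()
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(mac_key, rel, nonce, ct)):
            self._keys = None  # wrong password or tampered file: force a new prompt
            raise PermissionError("authentication failed for " + rel)
        return keystream_xor(enc_key, nonce, ct)

def demo():
    """Build a constructed app directory, lock it, and read it back."""
    root = Path(tempfile.mkdtemp()) / "com.example.app"  # constructed sample layout
    files = {"databases/accounts.db": b"user=alice;token=constructed-sample",
             "shared_prefs/wifi.xml": b"<psk>constructed-sample-key</psk>",
             "lib/libnative.so": b"\x7fELF constructed"}
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    locked = AppVault(root, lambda: "correct horse").lock()
    fresh = AppVault(root, lambda: "correct horse")  # e.g. after a reboot
    before = fresh.prompts                           # 0: nothing asked yet
    plain = fresh.read("databases/accounts.db")
    fresh.read("shared_prefs/wifi.xml")              # second read reuses the keys
    return {"root": root, "locked": locked, "prompts": (before, fresh.prompts),
            "plain": plain, "lib_clear": (root / "lib/libnative.so").exists(),
            "db_clear": (root / "databases/accounts.db").exists()}
```

Once unlocked, the keys sit in process memory until the vault object is discarded, which is the running-phone exposure bug666 raises about remote lock.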
Anybody tried using Walkie Vault (http://www.walkie-vault.com/)...? Can it encrypt the data/home folder...?
A system-wide usable encryption system that different apps may make use of is a good idea, but is it on Android's agenda yet...?
It hasn't quite entered the collective consciousness that the connected smartphone, as configured today and if logged into online services, is the ultimate personal identity device. Unlike other personal effects we keep on us at all times (id cards, keys), a Google login gives a thief potentially a treasure trove of data to exploit without requiring any further identification to the phone other than the lock screen (assuming the user has set one). Once it becomes a big enough issue we may see solutions such as:
- Built in biometric identification (fingerprint scan, iris scan) replaces lock screen.
- OS framework requires apps storing sensitive user data to store into encrypted databases, authenticated from above biometric keys.
- Carriers, digital identity providers (e.g. Google, MSN) providing remote wipe as free standard services and accessible over the phone, not just a web page.
No computer is 100% secure.
Biometrics are often easy to fool.
3 of the fingerprint scanners I have encountered were easily by-passed with a pencil, and a rubber glove. Not to say they are all like that, but some are super simple to get around. Myth busters bypassed one with a photo copier and a sharpie. My buddy bought one super cheap, and put it on his wife's computer to make her feel safer. We bypassed it by breathing on it. (it was super cheap)
The current "Lock" on the G1 is like that super cheap biometric scanner. Your fingers leave behind oils. Oils are what leave the marks on the screen. Breathe hot air on the screen and you can see the pattern of the lock sequence. Some lock.
Note to self: remember to wipe off screen every time you unlock phone.
I think that the best way around this is to remove all the data from the phone in the first place. For several years now I have been telling my friends that google's ultimate goal will be server side data storage that you log into to use.
The world of cell phones is headed this direction as well.
Google voice, Google Chrome, Google Docs, Cloud....all operate under the idea that you connect to the data, manipulate it, save it, then (ideally) your device forgets it was there.
If you want to stop cell phone theft, you have to hard code the phone to accept only one set of data, and any attempt to change that data in a way not prescribed by the phone will result in the destruction of the data and the usability of the phone. Not real cost effective for a device that lasts on the average of 18 months.
Another option is to make a daily use phone. Only good for 24 hours. Then you have to get a new one. Make them cheap, and disposable.
Common users would freak out over having to back up the data all the time, or you would need a uplink storage location like...oh say Google voice, Google Chrome, Google Docs, Cloud.
The average consumer has no clue what that thing in their hand is capable of doing, storing, or tracking. The techno geek is the problem and much like ROM's, what stops a Techno geek today, won't necessarily stop him tomorrow.
In the mean time, wave secure at least offers you the satisfaction of telling you when someone has put a different sim in your phone.
And it will scare the crap out of someone when they pull out the sim card. it is very loud!
But I agree the android system needs a better lock.
Maybe a mod could be prepared to separate /data into a cryptfs system, only trouble is that to make it secure a start/unlock password would need to be entered.
Recently the Android OS checkbox settings on my Desire Z stopped showing the "unchecked" state. Well, I can usually make out a very faint difference between the two states but an obvious checkmark appears regardless of whether the option is enabled or disabled. It doesn't seem to be a problem with any 3rd party applications, just all the home menu settings.
This is driving me crazy and I think maybe it's time to make use of the factory data reset function - but before I do that I need to understand what exactly will happen to my apps and data and how to restore it.
I realize a screen shot might be useful here but as far as I know that requires an unlocked phone and mine is not...
Are you rooted? Titanium backup can backup most things, and shootme can take screen shots,... both require root.
Sorry, I meant to say my phone is unrooted, not unlocked (it is in fact, unlocked). So no screen capture. I do wonder if anyone else has experienced this strangeness.
You sure it isn't supposed to be that way? Only saying that as you are still stock. Try taking a pic with another device maybe?
You can take screenies with the SDK, but I doubt you have that since you don't have root either...
Anyways, you can completely disregard this post
The checkboxes have become corrupted somehow so the enabled/disabled state is virtually indistinguishable - not this way when I got the phone. Good idea, I'll try taking a picture with a camera.
I think a hard reset would probably fix it but what happens to my paid applications when I'm not rooted and have no full backup capability?
Your paid apps will stay in your my downloads section on the Market afaik.
I found a program called Nobars in the market. What it does is monitor cell reception and turn the radio off when you have no signal. There is an option to keep WiFi active when it puts it into airplane mode.
I have confirmed that it works as it should by taking it out of airplane mode several times. Since installing it cell usage of the battery has not budged.
I know this can be done manually but this is an automatic option that constantly monitors.
Nice find
Does this need root?
Cause it doesn't seem to work on mine (not rooted yet)
I don't see any notification as the settings suggest..
It's not working for me either.
Mine is unrooted too.
Do we need root?
Mine is rooted and it doesn't work: still have the "veille gsm" process sucking battery (A500 French)
I am rooted, it doesn't work for me either.
Does Airplane Mode Work?
Has anyone seen any positive effect of keeping the tablet in airplane mode and just turning WiFi on/off as you need it?
This app does not need root. While it was working great for me initially it now seems to have stopped working. I am going to play with it a little today.
And I definitely see a difference running in airplane mode.
There is another app I run on my droid x that shuts down everything at night. Going to see if that works on Honeycomb.
for anyone that it is not working for, you can turn on airplane mode manually and then re-enable wifi
bog3nator said:
for anyone that it is not working for, you can turn on airplane mode manually and then re-enable wifi
You can do this, but have not seen any adjustments to the battery use at all. It still keeps draining for the cell standby.
Airplane mode does not fix the Cell Standby drain.
I have seen this topic discussed in the Androidtablets forum under the Acer specific thread. (I still can't post links but it's exhaustively been discussed in that thread).
Unfortunately, the a500 was designed exactly the same as the a501 (which will be the 3G enabled Acer tablet eventually).
The bottom line is, this probably won't ever be fixed. Renaming phone.apk and telephonyProvider.apk does fix the issue - but it also bricks your tablet.
For my Droid X, I use a widget called "Dazzle!" which gives me control over the Cell Radio - even on my Droid, I can disable Cell and not have a Cell Standby drain. Unfortunately, this widget does not appear in the market for the Acer...
I think we've gotta wait for a crafty developer for a workaround, or wait for some custom ROM's... Acer doesn't seem to have any plans for a software update for this.
Dalrimple said:
Airplane mode does not fix the Cell Standby drain.
I have seen this topic discussed in the Androidtablets forum under the Acer specific thread. (I still can't post links but it's exhaustively been discussed in that thread).
Unfortunately, the a500 was designed exactly the same as the a501 (which will be the 3G enabled Acer tablet eventually).
The bottom line is, this probably won't ever be fixed. Renaming phone.apk and telephonyProvider.apk does fix the issue - but it also bricks your tablet.
For my Droid X, I use a widget called "Dazzle!" which gives me control over the Cell Radio - even on my Droid, I can disable Cell and not have a Cell Standby drain. Unfortunately, this widget does not appear in the market for the Acer...
I think we've gotta wait for a crafty developer for a workaround, or wait for some custom ROM's... Acer doesn't seem to have any plans for a software update for this.
All we need is a kernel that disables the ril. DJ_Steve did it for the Streak 7.
I have a help-ticket out at Acer about this issue, which has already surpassed Level 2 Tech support. It's been a while since my last response (which told me to send the unit in for faulty parts, haha). We'll see what Level 3 has to say. So far they've only sent form-letters back.
I have a feeling our developer community will have this issue solved well before acer even acknowledges it.
Dalrimple said:
I have a help-ticket out at Acer about this issue, which has already surpassed Level 2 Tech support. It's been a while since my last response (which told me to send the unit in for faulty parts, haha). We'll see what Level 3 has to say. So far they've only sent form-letters back.
I have a feeling our developer community will have this issue solved well before acer even acknowledges it.
Which leaves us users who don't want to go the mod/root route in deep doo doo.
I completely agree.
I finally decided not to root my Droid X for the gingerbread update. But the tablet, I have to admit, I might have to actually Root to fix the issues.
I hope Acer creates a situation where Rooting isn't necessary. But, it looks doubtful. I'd rather root and gain 4+ hours of battery, than not root and gain nothing.
How does disabling telephony and phone apks brick a device? So far mine seems fine with them disabled.....?
trothmaster said:
How does disabling telephony and phone apks brick a device? So far mine seems fine with them disabled.....?
How is your battery life before and after? And, renaming them does nothing unless you reset the Iconia.
What I don't understand is just what kind of reset does this. There's a lot of chatter here but to me a hard reset always meant a complete wipe of the device back to factory default state. Apparently even a "soft reset", i.e., just rebooting will also bork the Iconia so just be careful.
Am I on to something here?
Hi guys, I am a noob here so please dun flame me
I actually installed minimalist text onto my A500. I tried to customize my widget,
and when I went into the part where I can customize the activity of clicking my widget, I discovered that the list consists of mobile network settings (it actually consists of the full list of mobile networking settings)
Out of curiosity, I selected the mobile data network setting as my widget's default action. When I went into the setting, the "Data Enabled: Enable data access over Mobile Network" is actually being checked. I had unchecked it, and now my "cell standby" in my battery use has stopped.
Maybe I got it wrong or it's just coincidence, but I thought maybe someone else can try it and see whether it is really workable?
I am keeping a look out on the battery statistics; hopefully it really works.
kkaytan said:
Hi guys, I am a noob here so please dun flame me
I actually installed minimalist text onto my A500. I tried to customize my widget,
and when I went into the part where I can customize the activity of clicking my widget, I discovered that the list consists of mobile network settings (it actually consists of the full list of mobile networking settings)
Out of curiosity, I selected the mobile data network setting as my widget's default action. When I went into the setting, the "Data Enabled: Enable data access over Mobile Network" is actually being checked. I had unchecked it, and now my "cell standby" in my battery use has stopped.
Maybe I got it wrong or it's just coincidence, but I thought maybe someone else can try it and see whether it is really workable?
I am keeping a look out on the battery statistics; hopefully it really works.
Wow! I just went into my Beautiful Weather settings and under the "Advanced Panel" you can specify an action for clicking on the time (or weather). When this is done, it provides a large list of actions - this list, to the best of my knowledge, doesn't show up anywhere.
Anyway, Mobile Data was checked (yes or on) so I cleared the list (resulting in mobile data being UNCHECKED) and rebooted. Mobile data remained unchecked so I'll watch for a while and report results later.
docfreed said:
Wow! I just went into my Beautiful Weather settings and under the "Advanced Panel" you can specify an action for clicking on the time (or weather). When this is done, it provides a large list of actions - this list, to the best of my knowledge, doesn't show up anywhere.
Anyway, Mobile Data was checked (yes or on) so I cleared the list (resulting in mobile data being UNCHECKED) and rebooted. Mobile data remained unchecked so I'll watch for a while and report results later.
Yeah, the list didn't show up anywhere unless we went to customise widget setups like what we did. Let's see how things go!
And it seems as though the mobile network settings etc. are hidden due to the fact that our A500 is wifi only?
Was curious about this feature of the phone... I know what encryption is... but, in regards to phones, I do not. Can anyone shed some light on this for me? Like, what it does exactly, how it works, does implementing it in my device affect it on an OS level or kernel?... Any other general information about it is very appreciated... Tried Google, but it just kept bringing up "15 things you must know about your s5" articles and the like.
beav3r
Skynyrd420 said:
Was curious about this feature of the phone... I know what encryption is... but, in regards to phones, I do not. Can anyone shed some light on this for me? Like, what it does exactly, how it works, does implementing it in my device affect it on an OS level or kernel?... Any other general information about it is very appreciated... Tried Google, but it just kept bringing up "15 things you must know about your s5" articles and the like.
beav3r
You can encrypt the device (Settings > Security > Encrypt). However, you will NOT be able to use the fingerprint scanner if you do this. This process takes around one hour and scrambles all the data. Every time you turn on the device you need to enter a passcode before it boots. This helps to provide an extra layer of security on top of the regular PIN or password.
Read more: http://www.itpro.co.uk/mobile/22034/samsung-galaxy-s5-top-15-tips-and-tricks#ixzz319NY0W4G
kprice8 said:
You can encrypt the device (Settings > Security > Encrypt). However, you will NOT be able to use the fingerprint scanner if you do this. This process takes around one hour and scrambles all the data. Every time you turn on the device you need to enter a passcode before it boots. This helps to provide an extra layer of security on top of the regular PIN or password.
Read more: http://www.itpro.co.uk/mobile/22034/samsung-galaxy-s5-top-15-tips-and-tricks#ixzz319NY0W4G
Also recovering data off a damaged phone is impossible.
Unless you require your data to be fully encrypted and don't care if you lose it, because it is backed up; do not encrypt.
Thanks guys. Does anyone know the processes the phone goes through while encrypting? Or decrypting... Just wondering if it would be beneficial at all if someone did a logcat while doing both, just to see if there is a hole that could have an exploit vulnerability... And would Dalvik vs ART during the process change that answer, since you're running "custom" while ART is on... I'm 99% sure it isn't going to help s#!%, but, never know, little things usually get overlooked.
beav3r