My Rooted Android was Pick Pocketed - Asus ZenFone Max Pro M1 Questions & Answers

Hi,
Recently my rooted Android was pickpocketed at a crowded market. I had RedWolf recovery (no password) on my phone and USB debugging was turned off in developer options. Also I had a PIN lock at boot, along with a screen lock. I believe I had my phone encrypted by default (Oreo 8.1), as internal storage was unmountable. I'm curious about the risk to my personal data on my phone; will it be accessible to the thief if he attempts unauthorized access? Can he bypass the boot lock screen because my phone is rooted? Or will he have to factory reset/wipe all the data?
Also, I have already requested "erase all data" via 'Find My Phone' (but I don't think it will come down to that).
Not as sorry about losing my phone as I am worried about unwanted access. Please share your thoughts.
Thanks in advance.

Sorry to hear that.
Regarding the thief bypassing your lockscreen: if he/she has ever come across this or has some knowledge about Android, you might be out of luck. However, I believe the chances of that might be slim.
Hope for the best.

Related

[Q] Securing Nexus 4

Is there any way to secure Android like iOS 7? In case I lose my phone, then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is not rooted. Can someone install a custom recovery too?
saudiqbal said:
Is there any way to secure Android like iOS 7? In case I lose my phone, then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is not rooted. Can someone install a custom recovery too?
There is no foolproof way to prevent this. Even on iOS 7 the security can be gotten around. Best advice is to make sure you are backing up your files.
Google does have a remote wipe option built into the Android OS. That is your best bet.
There is no foolproof way to render it unusable, but you can call up your carrier and ask them to blacklist the IMEI so they can't use SIM cards with it anymore.
You could, however, protect your data. Do this by: encrypting your device, using stock recovery, disabling USB debugging, and locking the bootloader. At least with this, if the device is stolen and they don't know how to flash a factory image, they'll need to enter the encryption password to boot into the phone and can't copy over your data.
You should also look up the app Cerberus, which with root can survive through factory reset (as long as they don't overwrite or format the "system" partition).

Google's Android Encryption - what a joke

So, I accidentally encrypted my device when I booted a kernel that had "force encryption." Ooops. When I rebooted, it immediately started encrypting. (No prompts.)
I tried to decrypt, but it kept asking me for a password (which I never set up) and then would say that the password was correct (no matter what I typed), but that something was corrupted in my data... and that I had to factory reset.
Sure. Bite me, Google!
Steps to recover:
1. Power off
2. Boot into the bootloader
3. Boot into TWRP recovery. TWRP sees all my data fine and doesn't ask for a password.
4. Backup the phone.
5. Use adb to pull the backup off the phone.
6. Go back into fastboot and run: fastboot format userdata.
7. Boot the phone normally (with a kernel that doesn't force encryption). (The only reason to boot here is so that Android creates the proper /data directory structure.)
8. Back into TWRP...
9. adb again to push the TWRP backup back to the phone.
10. Restore the backup made in step 4.
11. Reboot again. Success. Done. Everything works fine and I'm not encrypted.
So much for security, Google. Pfft...
Forgive my ignorance, I am not yet a n6 owner. What, are the disadvantages of encryption?
almahix said:
Forgive my ignorance, I am not yet a n6 owner. What, are the disadvantages of encryption?
Click to expand...
Click to collapse
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
EverDawn4 said:
Read and write speeds are slower as all data is decrypted and then encrypted as it is used.
Sent from my Nexus 7
Also due to the extra number crunching overhead, more battery burning.
I see how that is a negative. I'm surprised there isn't an easier way to disable encryption. I expect by the time I get one early next year some awesome dev will resolve that.
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Encryption does have some positives, such as more protection of your data. How you describe it and what you did doesn't show it as having many positives, though.
You claim it is worthless, because you could use root access and unlocked fastboot to push and pull data and all that, but can you really do all that so easily and get by the encryption without any root access and with a locked bootloader? What about a not-yet-authorized ADB, and you can't get into the device because it is locked and encrypted (in this scenario we are trying to break the encryption, not just go into the ROM and hit accept)? I think everything is easier when you already have things unlocked and full system access.
Seems pretty secure to me. By the time you got to where you wanted to be, all data on the device was gone.
Mission: Accomplished.
The ONLY requirement to repeat my steps is either an installed custom recovery or an unlocked boot loader.
I'd agree with your argument if google allowed a non-encrypted fs if/when a boot loader was unlocked (which would be simple as /data is formatted on unlock anyway.)
Instead, google forces the encryption unless you swap boot partitions
Who's to say that the boot loader lock can't be worked around by someone determined? We haven't tried yet for the simple reason that the effort seems futile when we can so easily do it with fastboot. However, boot loader locks HAVE been worked around to boot custom recoveries on other devices such as Samsung and LG phones.
Once you're in recovery, as I explained above, all the supposedly encrypted data is accessible.
Sent from my Nexus 6
garyd9 said:
The point is that encryption has some negatives, but NO POSITIVES. What is the point of it when its so easily bypassed?
Sent from my Nexus 6
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
No positives... Lol
rbox said:
It can be bypassed because you are using the default encryption key. If you set a pin or a password it changes the encryption key and you need to enter that in recovery to access the partition.
How many "typical" users will set a pin or password? Those same users, if they are concerned about data security, would be manually enabling encryption already.
Google (and Apple) came up with this "great" idea to force encryption on by default (and, at least in Google's case, make it the ONLY choice without modifying the system boot partition.) They claim they did this to protect data. What protection is there if Google allows the "typical" user to use the "default encryption key" and it's so easy to get the data even if "encrypted?"
I think what I'm getting at here is that I was extremely disappointed that it was so easy for me to get at my "encrypted" data using back door methods. I suspect that MOST people won't set up any extra keys/pins, and will allow the default key. They'll see that the device is "encrypted" and feel some FALSE sense of security. In fact, those people are facing a performance penalty of some degree in order to have that FALSE security.
Here's how I think Google should have done things:
1. First and foremost, don't use software encryption. Require the encryption system to have some form of hardware acceleration.
2. Instead of 'forceencryption', the fs manager should default to encryption ON if the bootloader is locked, and default to OFF if the bootloader is unlocked. The result would be that unlocking the bootloader (which nukes the /data partition and causes it to be reformatted) would start with an un-encrypted userdata partition. (The user could still enable encryption.)
3. In conjunction with #2, if there's no encryption key provided by the user, then DON'T ENCRYPT. I honestly believe that a false security is WORSE than none at all, and apparently the "default" encryption key is all but useless.
On the other hand, I hope my first post in this thread helps some user (or dev) who accidentally encrypts their filesystem while playing with kernels. Up until then, it was believed that once the userdata became encrypted, there was no way to reverse it.
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
SymbioticGenius said:
Keep in mind, we XDA users are not typical users so of course we could figure this out. Secondly anyone even remotely interested in security has a password on their phone. Lastly, a question, does encryption prevent people from plugging your phone into a PC and seeing your data?
A counter-question: Who (or what) is google trying to "protect" us from with forcing encryption on?
No, encryption doesn't seem to block normal MTP access. Basically, an "encrypted" device (with no password), once booted, appears the same as a non-encrypted device (just a bit slower on data access.) The portion of /data presented as the "internal sd card" is accessible via MTP regardless of if encryption is on or off. (other portions of /data aren't accessible via MTP.)
With adb functional, unix permissions will block quite a bit, and once you add root to the mix, the entire phone can be accessed. (selinux probably introduces more restrictions, but I'm not familiar with them.)
Again, that leads back to the question of just who google is trying to protect us from. If the phone is encrypted (with no password) by default, and can easily be decrypted if no password was provided, then what good is the encryption? Why suffer the overhead of encryption when it doesn't serve any effective purpose?
TWRP tries the default password. If you had changed it, TWRP wouldn't have worked at all.
That was not a fair assessment of the encryption used on Android.
I actually don't think it's a big deal especially since you didn't have a password. Encryption without a password is like a door without a lock.
Also I'm assuming that once a password is active that MTP will be disabled without said password?
Again.... The point is that android is forcing encryption on even without a password. I KNOW I have no password, but if having no password makes encryption useless, why FORCE it to be on?
Sent from my Nexus 6
I think it's better than the current, if you encrypt you must use a password 24/7 mode. I prefer it this way because it's currently how I use my phone. I have a pin when I feel it's necessary (work sometimes, phone charging on a table, bar hopping, etc.) or basically whenever someone might be able to access my phone without my noticing. Otherwise I have my pin off. This works almost exactly how I've been wanting it for years. As long as when my pin is active people can't plug my phone in and view my stuff.

[Q] S5 Theft countermeasures - factory reset proof?

Hey all!
Is there any way to implement anti-theft tech on the S5 that is resistant to a factory reset? Many apps are available to track a phone after it is stolen. However, all the thief needs to do is pull the battery to shut it off, pull the SIM card, power into factory reset, and poof, it's ready to be re-sold. Cerberus offers the best protection I've seen so far, as it will survive a factory wipe if the phone has been rooted and a custom ROM loaded. However, even that can be worked around by flashing a custom ROM (which the thief may not know how to do).
Any suggestions? How do you guys handle anti-theft? Had 2 galaxy phones stolen over the past year so I'm looking for any and all advice here. Thanks in advance!
User0919
Enable "Reactivation Lock" in security settings; factory resetting the device forces the person to log into the Google account that was logged in when the lock was enabled, or they have no access to the device, even after resetting it.
*Detection* said:
Enable "Reactivation Lock" in security settings; factory resetting the device forces the person to log into the Google account that was logged in when the lock was enabled, or they have no access to the device, even after resetting it.
Reactivation lock only works when Knox is 0x0, but that too can be bypassed by installing a custom ROM, so...
I don't think there is a way. You have to pray that whoever steals it is not an advanced user.
Reactivation lock does block custom recoveries, as they use a custom binary. And if the user tries to flash through recovery, they would need the user's Google ID (to unlock the reactivation lock). Though from other sources it has become apparent that reactivation lock can be tricked (even in the latest Lollipop build). As an extra measure you should password-protect TWRP and encrypt your device to prevent any form of identity theft.
Yes, it's very easy to break the user's lock screen since the information (can't remember whether salt or hash; look up an Android Forensics blog) is stored in a database - settings.db and gesture.key. Someone could easily just delete the field for the password.
http://resources.infosecinstitute.com/android-forensics/
There is no way or point in protecting a phone from being stolen... if the thief can't use or sell the stolen phone, will he give it back? No... he will either crack it if possible or sell it for parts (screen, battery, casing).
Only reason to encrypt or lock a device is to protect personal data like photos.

What are the pros and cons of decrypting Oreo?

Trying to determine whether I should decrypt. Encrypted phone requires re-entering the password twice.
Encryption has nothing to do with requiring a PIN at startup. You can turn it off. And turning off encryption is not something you should do. Anyway, to turn off the startup PIN, just remove the PIN, password or pattern you currently have, and then when you add it again the first screen that pops up is the confirmation screen asking whether you want the startup PIN enabled. Select no and you are done.
The only real benefit to decrypting your device is if you use a custom recovery like TWRP--especially if it's not an official build of TWRP.
On some devices (especially those from OnePlus) there are issues where TWRP either can't decrypt the data partition or stops being able to decrypt the data partition after an OTA.
On some phones you can just boot back up if that happens, but on others you are locked out and need to reformat and reflash just so you can use the device again. If that can't be done, which has been the case on some Treble phones like the Mi A1 and the Essential PH-1, then your device is permanently bricked and is pretty much just an expensive paperweight.

My kid changed lockscreen pin

Hello there. I'm using a OnePlus 6T on OOS 10; somehow my kid changed the lockscreen PIN and now forgot it.
I've read multiple threads and asked a lot of people, but there seems to be no method to bypass the lockscreen PIN.
I had some important files which I couldn't back up / not since my last backup.
Is there any way possible to recover my files after a hard reset, as that's the only alternative I can think of without bypassing the lockscreen and without root?
FYI: Bootloader locked, currently locked, haven't hard reset yet, USB debugging off.
Nope, if you hard reset you lose everything. User storage is encrypted with a per-session key that is wiped when a reset occurs, meaning everything on the phone becomes useless garbage the moment that key is lost. If you have adb enabled and have authorized your computer once before, you might be able to pull files off using that, but otherwise you might be screwed.
The lock screen is designed to keep people out; it wouldn't be much use if it let people exfiltrate data whenever they wanted.
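Two points in this thread come down to how the master key is wrapped: rbox's earlier reply that TWRP only gets in because of the default encryption key, and the reply above that a reset wipes the per-device key and leaves unrecoverable ciphertext. The following is an added Python model written for this page, not code from the thread or from Android; it simplifies Android's crypto footer to PBKDF2 plus an HMAC-checked XOR wrap from the standard library (an assumption for illustration), and the PIN "4821" is a constructed sample.

```python
import hashlib
import hmac
import os
import secrets

# Android FDE's well-known default passphrase, used when no PIN/password is set.
DEFAULT_PASSWORD = "default_password"


def derive_kek(password: str, salt: bytes) -> bytes:
    """Derive a 64-byte key-encryption key from the PIN/password and salt.
    (Model assumption: PBKDF2; the real footer uses a stronger KDF and AES.)"""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=64)


def make_footer(password: str):
    """Build a crypto-footer-like record: a random master key wrapped under the KEK.
    Returns (footer, master_key); only the footer is stored on the device."""
    salt = os.urandom(16)
    master_key = secrets.token_bytes(32)
    kek = derive_kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, kek[:32]))
    tag = hmac.new(kek[32:], wrapped, "sha256").digest()  # detects a wrong PIN
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, master_key


def unwrap(footer: dict, password: str):
    """Recover the master key, or None if the password is wrong or the footer is gone."""
    kek = derive_kek(password, footer["salt"])
    expected = hmac.new(kek[32:], footer["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, footer["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(footer["wrapped"], kek[:32]))


def factory_reset(footer: dict) -> dict:
    """Model of a wipe: the wrapped master key is overwritten, so data is unrecoverable."""
    return {k: b"\x00" * len(v) for k, v in footer.items()}


def demo() -> dict:
    no_pin, mk1 = make_footer(DEFAULT_PASSWORD)   # "encrypted" device with no PIN set
    with_pin, mk2 = make_footer("4821")           # constructed sample PIN
    return {
        "default_key_opens_no_pin_device": unwrap(no_pin, DEFAULT_PASSWORD) == mk1,
        "default_key_opens_pin_device": unwrap(with_pin, DEFAULT_PASSWORD) == mk2,
        "pin_opens_pin_device": unwrap(with_pin, "4821") == mk2,
        "pin_opens_after_reset": unwrap(factory_reset(with_pin), "4821") == mk2,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```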
Don't even think you'll be able to get the pin off the phone. When you reset Google asks for the old pin used in the device.
If USB debugging is off, I don't even think you can flash stock firmware onto the device either.
You're pretty much screwed.
The best way to do it is the MSM tool. If you don't know the password you can't even get into recovery mode (password required). By doing that, all data will be gone.
