Knock Knock
And so another back door becomes a front door.
Half a billion Android phones could have data recovered and Google accounts compromised thanks to flaws in the default wiping feature, University of Cambridge scientists Laurent Simon and Ross Anderson have claimed. The gaffe apparently allows tokens for Google and Facebook, among others, to be recovered in 80 per cent of …
@AC
Not sure I follow your logic. Seemed to be:
"The boffins only spent their time scrutinising what is BY FAR the market leader, ignoring all the others. Therefore we should all pretend that NSA's Redmond's obscure little offering is secure"
Did I get that about right?
A sort of obscurity is security argument?
Tit.
"It is unknown how Android versions above 4.3 are affected. Google has been contacted for comment."
I think it will go along with the lines:
"It's fixed in the latest version. We are not going to fix any phones prior to this version"
Granted it will be about 200 words longer, but that will be the general line.
"It's fixed in the latest version. We are not going to fix any phones prior to this version"
Granted it will be about 200 words longer, but that will be the general line.
I'd be very careful with that, this involves Ross Anderson. The almost immediate response could be "no it isn't, here is evidence". If Ross Anderson tells you you have a problem, you first best check exactly how deep you're in it with Ross before you make any public statements, the man has an almost pathological aversion to bullshit.
Which is why I like him.
Bullshi-- here, bullsh-- there, bullsh-- EVERYWHERE bullsh--! 'Ol McDonald had a Server Farm e-i-e-i-o....
And, this will get Google to change its mind, and suddenly go 'round digging in the Vaults to fix this? lol I don't believe it.... You know what I believe EVEN LESS?! Assuming for just One second your Guy actually WAS that good... And, Google actually wanted to do something to fix this... (They won't BTW!), But, in an otherwise 'finite Universe, had they actually wanted to... And, had fixed this.... The OEMs will have been too busy flogging their M9's, S6's, Nexus 6 etc... etc... to care.
This said, when I picked up a second hand Galaxy Tab a few years ago. It was literally filled with all kinds of nasty... If slightly arousing things on it. Sadly before I thought to back any of it up I had performed a complete Device wipe, before installing what was CM9 at that time, on it.
I was under, the understanding that the last owner had enough sense to perform a Factory Reset, if only to protect his Accounts.
But, I really do NOT expect this is something that's ever gonna change ever!
*To clarify that last statement... When I said I had done a complete Device wipe... I was referring to the Format functions under Samsung's Odin Flasher, and not the One inside the 3e Recovery. Which on that note... Why the HELL doesn't Google buy up TWRP, and make that the mandatory recovery?!
It's especially pleasant to see him moving his work outside the financial sector again. Further reading:
https://www.lightbluetouchpaper.org/
I do hope he (his department?) has good lawyers.
Meanwhile, safety critical aircraft systems on your list, please sir, when you have a moment.
"It's fixed in the latest version. We are not going to fix any phones prior to this version"
But to be fair, is there much point in fixing it in the old versions? It isn't like an OTA could be sent out to all phones to update it so the manufacturers and carriers would need to do the update and if they were going to go to all that trouble of writing the core files into their customised version, testing and delivering it then they would just update to the latest version anyway which is designed to work better on older devices (although that's debatable).
The main way to get a security fix is to get the latest version installed, it's the same with pretty much every system we run outside of Windows and Linux (e.g. all our phone systems, copiers, embedded systems, switches, routers etc).
Unless a way is found to upgrade the core Android OS directly from Google without requiring the handset or carriers to get involved - which I can't ever see happening, then updating older versions is not effective. You just need to flash a custom rom with the latest version.
" so the manufacturers and carriers would need to do the update"
Ideally they should be legally required to under consumer protection legislation. For Google it'd be a reminder "don't be incompetent" when coding, and for the carriers it'd be a welcome headache that might eventually persuade them to stop the nonsense of custom skins and bloatware.
Outside of the warped reality space of the carrier's marketing departments, I don't believe a single person on Planet Earth wants their new phone to be soiled by the carrier's logo, or the memory they've paid for to be filled with unremoveable but often barely functional bloatware, but it is specifically these undesired features that seem to be a barrier to fixing this.
The obvious solution (short of rooting and SIM free purchase) is for the handset makers to offer their nearest-to-vanilla versions of Android directly to consumers. The carriers could still skin up the phones before sale if they're so desperate, but then they'd have to add some real value with that to keep it on people's phones.
"But to be fair, is there much point in fixing it in the old versions? It isn't like an OTA could be sent out to all phones to update it so the manufacturers and carriers would need to do the update and if they were going to go to all that trouble of writing the core files into their customised version, testing and delivering it then they would just update to the latest version anyway which is designed to work better on older devices (although that's debatable)."
That doesn't seem to stop Apple, who managed to backport full-disk encryption and make it available for every device sold in the past few years as part of their regular update process. It wasn't *ooh* *whimper* sooo *sniff* haaaaaard *sob* like it was for Google. It's a core OS function that isn't dependent or reliant on manufacturer customizations, and should be updatable.
"That doesn't seem to stop Apple, who managed to backport full-disk encryption and make it available for every device sold in the past few years"
The Apple iPhone range is tiny compared to the range of Android hardware available. What's possible for Apple on a small range of standardised is much harder when applied to the full Android range.
"It's a core OS function that isn't dependent or reliant on manufacturer customizations, and should be updatable."
Not a great comparison really, Apple only have one hardware platform, Android has 1000's.
Also Apple don't allow anyone else to use their OS, so again, it's easy for them.
Google could release an update for 4.3 but the carriers will not spend money on a re-compile and release anyway.
I have been banging on about this for yonks see posts passim. Even if the damn thing is successfully wiped it is easy enough to recover the data and just involves playing around with coercivity and drilling down.
The only person I ever met who understood this fully was an Irish builder. He said to me "I need a new hard drive" I said this one is fine. He then said "I need a new hard drive" at which point I understood and swapped the server drives.
In other news, Carl Icahn is urging Apple to do more with its money.
Personally, I'm OK with them not doing more - it means they're less subject to external pressures to go stupid.
It's a process....
If you factory reset your phone, then SIDELOAD one of the above apps (I have used iShredder) then the app can overwrite the freespace on the main partition. Then remove the app, or factory reset again.
That's what I did with my Nexus 4.
I also set up Google on my phone via an OTP, Facebook to use 2FA, and logged both devices out/revoked the OTPs when clearing down the phone.
Admittedly these are things the 'average' user won't do, so the secure wipe should be fixed, but there are things you can do without root to make yourself a bit more secure when handing on a device.
If you factory reset your phone, then SIDELOAD one of the above apps (I have used iShredder) then the app can overwrite the freespace on the main partition. Then remove the app, or factory reset again.
I'm kinda short on downvotes, so I'm going to suggest a quicker alternative: get an iPhone :)
But I haven't figured out how someone buying an iPhone will help them to scrub their googlephone.
By not having the problem in the first place. Later versions of iOS (v7 and later) did a damn good job of creating secure storage in the device and zapping it on delete by using very established and proven cryptographic principles and providing enough hardware support for it to actually be of value.
I think Google can fix this in newer versions of Android, but it will have to insist on some of that same hardware that's a default part of iPhones to make that secure. After that it's a matter of structure, if the OS can be made clearly independent of the telecomms provider and manufacturer by making that theme layers on top of the OS instead of deep changes inside, you end up with a structure you could actually maintain. However, I have the distinct impression that Google doesn't really want to have that in place, and given what they make money from, that doesn't surprise me in the least.
I can't really see Google choosing for the customer in the clear conflict of interest here...
Not sure how serious your statement was, but an OS using full disk encryption, like iOS or Windows with Bitlocker enabled, simply has to dispose of the key and any data written on the partition(s) protected by it is instantly and permanently inaccessible.
I would assume that while Google probably implemented this in Android, it wasn't the default because in order to support it across a wide range of hardware capabilities they couldn't be sure that every device would possess hardware able to support FDE. Whatever Android version made or will make FDE a requirement is the minimum one you'd have to be on to be safe from this, because you can't trust OEMs to care about stuff like this.
When you delete all content and settings on an iOS device all it does is erase the encryption key - it doesn't actually erase anything. Good enough you might think, but with things as they are in the infosec business I'm sure there are some working on a way of getting around this.
There is no conceivable way around this. You either have to be able to perform an attack against the encrypted data, which is a problem for everyone using AES if there is such an attack, or you have to have possession of the device before the key is erased. There are methods to get the key off similar products such as Bitlocker, by booting the device into Linux and dumping the memory contents during early boot. You can't do that against iOS but with enough (read a LOT of) resources you probably could find a way to do something like that.
But the important thing to note here is that you'd have to have my phone BEFORE I wipe it. Once I wipe it, you can't get squat from it. The article is about weakness in Android's erasure - so everyone who did a factory reset before selling/giving away their old phone potentially gave away their data (to the 0.0001% of people who would care to try this against a random phone they bought second hand)
Not only that, but on devices with A7 and higher CPUs the encryption keys are held in a special memory block on the CPU die itself with no direct read/write access from outside of the chip. Also, for anything running IOS8+ (iPhone 4S+, iPad 2+) full-disk encryption is mandatory. It's there, and there's no way to disable it.
MS has committed to provide free updates for all major software for 10 years. The phone manufacturers haven't been allowing and/or pushing updates for phones past 1-2yrs, even in the rare instances the code has been updated. How is that equivalent to your mind?
Windows has committed.
Google has not. There's nowhere where you buy a phone where people say that they are going to be giving you free software updates. Apple doesn't, Google doesn't, Blackberry doesn't, heck, even Windows Phone doesn't.
Why the expectation for them to?
Computers are being used for longer, there are still people using Windows 98 and Windows XP. Just because their systems are vulnerable should they go screaming at the media? Even after the support window has expired?
Windows has committed
You mean Microsoft. Oh really? Nonsense, they haven't - none of them have. The only commitment you have from Microsoft is that they will SELL you a new version when they get bored with sending updates or it becomes too obvious it really cannot be rescued (Vista immediately comes to mind here, or the upgrade to TIFKAM).
Google doesn't care one way or the other or they would have modelled the platform in such a way that customisations are layered on top instead of affecting core code so that updates and OEM custom layers would not get in each other's way. But Google doesn't care - it goes for volume, and you get to volume by being cheap.
Apple has a decent update frequency in iOS and OSX, but could do with a lot more transparency. The main gripe I see people have is that new updates don't work on old hardware, but if you didn't expect that from the only IT company that makes a good margin off hardware instead of a wafer-thin edge over costs you need your head examined.