Ask Slashdot: How Can I Prepare For the Theft of My Android Phone?
New submitter Adam Jorgensen writes "Last week my 4-week-old Moto G phone was stolen while getting onto the train at Salt River in Cape Town, South Africa. That in itself is no big deal. Cellphone theft is a huge problem here in South Africa and I've had at least two previous cellphones stolen. The big deal this time, for me at least, was that this was the first time I've lost an Android phone to theft. When I actually sat down and thought about it, losing a fully configured Android phone is actually a big deal as it provides ready access to all kinds of accounts, including one's Google account. This could potentially allow the thief to engage in all kinds of malicious behavior, some of which could have major implications beyond the scope of the theft.
Luckily for me it seems that the thief did the usual thing: Dumped the SIM card, wiped the phone, and switched it off. It's probably had its IMEI changed by now and been sold on to some oblivious punter, possibly some oblivious punter in another country. Still, the potential for serious issue is making me have second thoughts about replacing the phone with anything capable of doing much more than calling. My question is this: Are there any serious solutions out there for Android that secure against theft?"
He continues:
By serious I mean solutions that go beyond the laughably easy to defeat 'Find My Phone' and 'Remote Wipe' options provided at present. Presently I'm thinking along the lines of:
- Full encryption of phone contents
- Some kind of 'Travel Safe' mode that would lock the phone down and trigger a full wipe if not unlocked correctly (including wiping the phone on next boot if not unlocked before being switched off/running out of battery).
So, any ideas?"
Encrypt the phone, and set a numeric PIN of 6 or more.
Done and done.
I use Cerberus. It's available on the store: https://play.google.com/store/... Though if you download it direct from their website then you can flash it straight into the ROM, meaning that even if someone does a factory wipe on your phone it will still be installed and you can remote into it: https://www.cerberusapp.com/do... With it installed, you register your phone on the website, then sign into your account on the phone. From there you can carry out all sorts of commands, including GPS tracking, location history, call and SMS logs. You can even call or message the phone, get it to display messages, record audio, video, take pictures, all sorts. And finally you can wipe the SD card, wipe the phone, or reboot it. I don't remember how much it cost, but it was only a couple of pounds. I've never had my phone stolen yet, but I occasionally log into the site to check that everything is working and it always does what I want it to, so I've had no complaints with it.
http://www.xtrasec.com/feature...
Well, there was huge discussion a week ago how to defeat it. Take a stolen iPhone, wait for your mum to die, take iPhone, death certificate and will to the Apple Store... and damn, they still don't unlock it for you!
Don't store important shit on your phone.
When your shit gets stolen, just change the passwords to any accounts it was authorized to.
Don't be one of those idiots who uses 2-factor authentication with one of those RSA hash clock apps on their phone. You'll just end up locking yourself out of shit when you lose your phone.
Encrypting your phone does nothing because you decrypt it every time you power it on, and you always have your phone on, don't you?
Passwords / locks will stop casual thieves from getting in, but they don't want in - they just want to sell the phone.
Passwords / locks will NOT stop thieves who want your information. If your info is worth enough to be targeted it's worth enough for a 0-day bounty. (And with Android you don't even need that - it's likely to be a 6+ month old bug that your manufacturer / carrier never patched / pushed out the patch for).
You may as well ask how to make sure your car can't be stolen. Can't win, don't try. Just minimize the impact.
It seems Lady Luck has bestowed you with the privilege of being born in a first-world country. Good for you!
You can use an alphanumeric password on iOS. You don't have to use a 4-digit PIN.
SJWs are the new boogeyman. -Me
No, it's not a problem here in Texas. I don't ride public transportation. I keep it in my front pocket right next to my gun.
I couldn't believe, when I left New York to go to college, how many people stored things in their back pockets. I used to tell them all the same little rhyme --
Yeah, ever since I started traveling for business on public transport, I no longer keep a wallet in my back pocket. Instead it goes in a front pocket, which is more difficult to pick pocket. Works well with jeans. This doesn't do so well if you are wearing dress slacks with loose pockets, so you'll have to resort to other means like the various types of hidden / zippered pockets.
It's just too easy to have your back pocket searched when riding public transportation. And inside coat pockets aren't much better unless they have a button or zipper.
Backpacks aren't safe either, a good thief can unzip it and look inside without being noticed. I prefer a messenger type bag with a cover that folds over the top and is latched down by snap-buckles combined with velcro. Harder to open quietly and I always have an arm wrapped around it anyway.
Wolde you bothe eate your cake, and have your cake?
I thought IMEI could not be changed. Is it possible here because on a smartphone everything is software defined?
You can generally do this, if you are super technically inclined, and have the right tools for the phone in question. In almost every case, you have to defeat the security on the baseband firmware, because it's embedded as part of the firmware in what's called a "seczone" (contains security data for the phone, which is cryptographically signed, including the carrier lock and IMEI).
Most of the work required to rewrite the IMEI is not actually done by people attempting to be able to rewrite the IMEI; instead, the purpose is to be able to rewrite the carrier lock which happens to be in the same area, so if you have the source code for the tools, or know how to use IDA Pro and read and modify assembly language, you can convert the tool.
This is basically true of almost every Samsung baseband chip firmware, since it has a buffer overflow attack that works against the cryptographic signature check, and then - game over. This is how the Sony, Samsung, and original iPhones carrier lock was busted. For other phones, you can buffer overflow the firmware by using a specially designed chip that pretends it's a SIM chip, and buffer overflows the baseband from the other side of things, rather than from application space. It's probably worth my while to not go into too much detail here.
A non-stupid company that wanted to disincentivize that level of hacking on the baseband - said hacking also being an effective means of modifying the radio tables for the SDR (Software Defined Radio) - would put the carrier lock up in application space, rather than putting it in the baseband firmware in the first place. Most companies, Apple included, have been pretty stupid about their carrier lock implementations, though.
So yeah, the tools exist, mostly because of carrier lock, and the implementation details for the carrier lock being in a stupid location that makes the IMEI rewrite an easy opportunistic target.