Slashdot Mirror
Want To Ensure Your Personal Android Data Is Truly Wiped? Turn On Encryption
MojoKid writes We've been around the block enough times to know that outside of shredding a storage medium, all data is recoverable. It's just matter of time, money, and effort. However, it was still sobering to find out exactly how much data security firm Avast was able to recover from Android devices it purchased from eBay, which included everything from naked selfies to even a completed loan application. Does this mean we shouldn't ever sell the old handset? Luckily, the answer is no. Avast's self-serving study was to promote its Anti-Theft app available on Google Play. The free app comes with a wipe feature that overwrites all files, thereby making them invisible to casual recovery methods. That's one approach. There's another solution that's incredibly easy and doesn't require downloading and installing anything. Before you sell your Android phone on eBay, Craigslist, or wherever, enable encryption and wait for it to encrypt the on board storage. After that, perform a wipe and reset as normal, which will obliterate the encryption key and ensure the data on your device can't be read. This may not work on certain devices, which will ask you to decrypt data before wiping but most should follow this convention just fine.
Because that's the only way to know for sure that you are safe from the scum bags out there!
Is the a public booth around here ? -- Richard Stallman
Is there a public booth around here ? -- Richard Stallman
yeah smart guy . But nobody wants stallmans naked selfies anyways ..
What is not addressed is whether or not this wipes the free space as well. Recovering deleted files is easy, and if the encryption doesn't fill the device then encrypt then this trick can leave some stuff behind.
There should be no need to decrypt before wipe, just start phone in bootloader mode where you get the option to wipe cache, memory etc and reset to factory defaults. That should then reset the phone and delete the encryption/decryption key but leave the bits of memory that do not get overwritten still encrypted.
Hope this works as that is the procedure I go through before selling any android phone I have owned since the encryption feature has been there.
1 pass with 0xff /dev/urandom is used for a secure RNG if available.
.. no more naked selfies
5 random passes.
27 passes with special values defined by Peter Gutmann.
Rename the file to a random value
Truncate the file
viola !
Same dog, different legs.
It's just too bad that it makes your android device run like complete sh!t.
I'm under the impression that turning on encryption works by file-by-file basis, not full-disk encryption, and as such it might still be possible to find at least some old files there if the locations haven't been overwritten by new data. If it indeed works as I have the impression of then turning encryption on is still possibly inadequate a safety method.
It's well established that plenty of consumers discard or donate hard disks without taking any precautions, and are playing roulette with their identity. It's also well established that hundreds of millions of tons of this equipment is replaced, resold, stolen or discarded, and most people who wind up with the secondary device lack either the time, money, or effort to scavenge data off the phone. If in fact someone is in the identity theft business by buying phones on ebay, they'd profile themselves pretty well after a dozen phone purchases (what do these data-theft-victims have in common?). And who knows how many phones they'd have to buy which had been wiped in some way (and required more time, money and effort)?
This isn't a bad article in that it birddogs simple things you can do before selling your used phone, and if it elevates the perception of risk in order to get people to do something easy, that's appropriate. But in response to people who are shooting and burning their devices to be "100% sure" that no one spends the time, money and effort to follow them... that's appropriate if you are a high risk target. If you have stuff on your phone of interest to the FBI or KGB, the amount of time+money+effort may be less than or = the amount of risk. Your call.
But there is a lot of hyperbole out there about the percentage of identity theft which is traced to secondary market devices, and the billions of dollars in secondary market sales on sites like ebay represent time+money+effort interest in new product makers to spend fanning flames. Again it's appropriate that the article raises concerns and then points to simple efforts a consumer can take to increase the barrier-to-entry to their personal data. But the army of ebay buyers getting their porn fixes by buying and then de-encrypting cell phones to retrieve ugly selfies seems exaggerated. Warn people about sharks if they are swimming in shark infested waters, don't tell people that most swimmers will be attacked by sharks.
Tear your mail in 8 pieces and someone could dig it out of the trash and tape it together, but the time+money+effort that represents is significant. I remember people selling paper shredding equipment in the 1990s who described armies of Iranian students or Chinese peasants who could be buying torn paper and taping it back together. If they know it's the President of the USA's mail, they no doubt will expend that time+money+effort... Presidents should assume they are swimming in a shark tank. For most of us, ebay resales are a swimming pool, and warnings of shark attacks get tiresome.
Gently reply
not a short story http://www.youtube.com/watch?v=vVg7mtgEqGY
Last time I checked the standard Android encryption will not do the sdcard partition (I mean not the physical card, but the partition on the internal flash, usually the biggest chunk of it, like let's say 11 out of 16GB). YES, some manufacturers like Samsung and Motorola (possibly many more) have their own solution (I bet a really crappy one but never mind that) and it would do mostly everything, including the big sdcard partition and (if needed) even the physical sdcard.
Anyway bottom line is that:
a. depending on the phone you might not be able to encrypt at all /sdcard
b. ANY activity, including storing random (non-private) crap on the phone and then removing it helps. However, this is no maggic bullet.
How many times does it overwrite the files?
Troll is not a replacement for I disagree.
Any marginal blocks mapped out before you encrypt will remain unencrypted and may be available to a determined attacker. Same goes for hard drives, and SATA secure erase is not provably trustworthy. Always encrypt your storage before you put any data on it. If you do not trust your hardware AES to not be backdoored then use software crypto.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
and use up all free space. repeat again. Assumes you are saving things to internal "sdcard" and not the external.
In iOS, when the factory reset is performed the key is removed so when the phone is reset and tied to a new account a new key is generated which is unable to access the old content. I'd rather the content was erased first, just in case some exploit is uncovered that can get at that key, but it's better than what Android has.
To expect an Android user to know that they must first encrypt the phone then do a factory reset if they want their data actually erased is absurd. Does Google not share the same view as the public on what the phrase "factory reset" actually means?
This (along with the all or nothing approach to app permissions) is something Google's PHDs really need to sort out.
Avantslash - View Slashdot cleanly on your mobile phone.
This should be a default feature, mandatory, and automated because the average user has no clue that their data can be stolen after a format. The last phone I sold, I encrypted>scrubbed>reset>scrubbed>encrypted>scrubbed>encrypted>scrubbed>reset>scrubbed
I know that may sound excessive, but I don't want some nutcase ending up with information like birthdays, kids cell, addresses, school, banking, schedule, and that's just the tip, but mainly, a lot of very kinky and perverted sexting with the old lady lol.
The use of full encryption and wiping the key was commented on many times in the article http://yro.slashdot.org/story/... quoted in this piece. Even the original story was an advert for avast's app. Does this really now deserve a separate article?
This is probably a stupid question but is everything recoverable after a factor reset?
Whenever we take hard drives out of service we run a secure wipe if we are able to so they can be handed down.
There seem to be a few utilities in the app store to securely wipe storage however would have been really nice if this was an option user is presented with when wiping their device.
I personally wouldn't store anything worth protecting on a mobile phone (including device encryption keys) I don't trust myself not to screw it up... any passible security measure (linked to device key chain) would be way too cumbersome and annoying to have to constantly deal with at unlock screen.
More importantly I simply don't trust android. Why is the keychain used to store VPN credentials yet email, accounts, browsers, etc all store passwords in the clear when facility to punt responsibility to keychain is right there? Seems to be either incompetence or intentional action either way result is the same -- I don't trust android for anything.
It's easy to say to"Turn On Encryption" I don't believe I have that function on LG -E612 (Android 4.1.2)
Also in the obvious department: water is wet. News at 11
"all data is recoverable"
Wanna bet? -- Lois Lerner
You're using an operating system built by an advertising company and you expect privacy?
There - problem solved. Go ahead and decipher my phone dust.
...if it didn't force me to also use an alphanumeric password on my new phone. It's got a fingerprint scanner. I want to use that to unlock my phone. But that's disabled if I turn on encryption. Same with my new tablet. So no encryption for me on these devices. Both of my previous devices were content with a PIN which is considered as secure as the fingerprint scanner. Seems ridiculous that I can't determine the level of risk I'm comfortable with.
Encrypted data is still retrievable. In 20 years, computers will be powerful enough to crack any encryption that android uses.
The better solution if you care about data is to get a Blackberry .... I did and I don't have to worry about it. Blackberry's have a built in security wipe that does what wiping should do. In this day and age I can't believe people still trust their toys (Android and iOS).
Fire up the drill press and run a 1/4 inch hole through the phone. This is the methodology that Qcom and others have used for decades to discard used hard drives, working or otherwise. Granted, on a phone you might actually have to hit the memory devices with the drill. And as others have said, if you are so hard up for 10 bucks from trading in your phone, you shouldn't be buying a new one!