Slashdot Mirror
Factory Reset On Millions of Android Devices Doesn't Wipe Storage
Bismillah writes: Ross Anderson and Laurent Simon of Cambridge University studied a range of Android devices and found that even though a "factory reset" is supposed to fully wipe storage, it often doesn't. Interestingly enough, full-device encryption could be compromised by the incomplete wiping too. ITnews reports: "The researchers estimated that 500 million Android devices may not fully wipe device disk partitions. As many as 630 million phones may not wipe internal SD cards. Five 'critical failures' were outlined in the researchers' Security Analysis of Android Factory Resets paper.
"fragile full-disk encryption up to Android v4.4 (KitKat)."
"Twenty-six second-hand Android phones running versions 2.3 to 4.3 of the operating system, sold by five handset makers, were tested."
This paper did not look at Android 4.4 or above, IE, the only versions of Android that actually properly supported and advertised full disk encryption in the first place. Full disk encryption on any device prior to 4.4 was basically something the manufacturer cooked up.
If this paper shows anything to me, it is not so much about Android, it is more about how we have to force carriers to stop requiring this goddamn nonsense useless "carrier certification" so that Google can push device manufacturers to allow more direct and timely software updates.
No shit, you can get the encrypted data if it isn't wiped.
If the "encrypted" data can still be compromised, then it isn't truly encrypted, so encrypted storage isn't being used, and thus the "destroy the device" part applies.
Truly encrypted data is indistinguishable from random data to an attacker. In fact, that's even better than a reset device's storage being zeroed or oned out, since it doesn't indicate that the device had been obviously reset.
Besides, the summary is wrong. If you actually read the article, it says (emphasis added)