Hi folks!
I am a little bit scared that one day my Hermes will fall into wrong hands... loosing it or getting it stolen. First of all, its important for me that a thief cant access my data (calendar, emails, files on storage card) - and a second goal would be to get the device back / know WHO took it.
Therefore I would like to know which kind of security-strategy you professional WM6 users are following?
What do you do to maintain physical security (like IIWPO or Ultimate Theft Alert) and what for information security (tools like Trust Digital or Utimaco Safeguard PDA)?
Lets ignore antivirus software for this thread - but dont forget about WM6 and please report about stability, performance and necessary changes in your workflow (like for backups, file recovery)
connected to exchange.. so pin number on wakeup, auto wipe if fail 4 times or something.
memory card data encrypted with built in encryption.
what more do you need?
i keep my hermes on me at all times.. no one is allowed to touch it.. if im not using it in my hands its in a case (the wizard case) and on my pants.. if a ***** gets to close ill straight up cut him/her
thefunkygibbon said:
connected to exchange.. so pin number on wakeup, auto wipe if fail 4 times or something.
memory card data encrypted with built in encryption.
what more do you need?
Click to expand...
Click to collapse
Autowipe... well - this is a critical feature... but not standard on any rom, is it?
I guess if some idiot just "tries" logging in and destroys your important data you didnt backup for a day... i guess this will end up in jacob-mda's solution
Unfortunatley killing each and everybody is not accepted by society here...
And for the encrypted storage card: What if you need to hardreset? Then you cant access this card anymore... correct?
**** if someone runs up on me to snatch my 600$ phone they are getting a knife in their stomach as we say around the way.. homie dont play that ..........lol jk
any more ideas?
I found a suitable, easy solution which doesnt change daily workflow. A request to the CHEFs is here: http://forum.xda-developers.com/showthread.php?t=315747
Has any one done any work on getting LUKS working on the Galaxy Nexus yet? I know ICS has encryption but it is not the same (It is file level; dm-crypt encryption and leaves room for data leaks).
For that reason does any know of a WhisperCore alternative?
Thanks!
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
textshell said:
ICS encryption is dm-crypt based whole partition encryption. See ht tp://source.android.com/tech/encryption/android_crypto_implementation.html for details.
Now it does seem to have lots of drawbacks, but i don't think luks would be much safer. Well, it seems they differ in the used encrypted key headers. Google could have got that insecure.
Just using the lockscreen password strikes me as a bad choice in googles solution.
Click to expand...
Click to collapse
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
x942 said:
You can tell the whole OS is not encrypted since you can make emergency calls when at the preboot authentication screen.Only /data is encrypted and thus leaves room for data leakage. WhisperCore just managed it perfectly- just like LUKS on a computer. Preboot authentication, ENTIRE disk encrypted (minus /boot), and secondary lock screen (login) password that can be anything include "pattern".
Not to mention ICS is only AES-128 bit, I mean c'mon why not just use 256 bit like everyone else? It's cleared by FIPS for a reason.
Click to expand...
Click to collapse
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
textshell said:
changing the key length for encryption should be an easy thing when compiling from source. Not sure what's the performance impact and security gain.
Having different crypto passphrase and screen unlock code might be a good thing, but if i start caring about encryption of my phone i'd try to push the key into the smartcard inside every phone (SIM card) and just enter the smartcard pin. Depends on amount of paranoia wrt security of these cards though.
But i don't understand why you would like to encrypt /system with a stock ROM. Nothing gained there. /system is read only so it can't really leak data. And as the kernel in the boot partition is unencrypted and unauthenticated anyway the OS code is open for changes anyway.
Without special hardware help or keeping the boot media separate and very safe, encryption will always only work against simple thiefs. If your attacker can get the phone do something to it and return it without you getting suspicious you lost anyway. Assuming he can get it again once you booted and used the phone again.
Click to expand...
Click to collapse
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
If you have ever use encryption you would know that the less an attacker knows the better. Hence encrypting the entire system is better than only encrypting a partition.
I don't like how Google implements dm-crypt. It would be more secure if the entire device was encrypted as it would completely look like random data to an attacker.
Why would you only encrypt your home folder and not every thing BUT /boot?
I prefer the whispercore way of doing it. I poweroff and you can't access anything except the login screen.
x942 said:
Not true. You an relock the bootloader on the Nexus phones, this completely prevents evil maid attacks. Secondly if I ever lose my phone and "happen to get it back" the first thing I am doing is wiping it and selling it for another one.
Why would you only encrypt your home folder and not every thing BUT /boot?
Click to expand...
Click to collapse
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
textshell said:
I don't think trusting the locked bootloader is a good idea. Look for e.g. "unbrickable mod" for an example how a lot of samsung phones can be forced to bypass the bootloader on the internal flash and forced to load arbitrary code from outside. So if somebody is willing to do an evil maid attack, they will likely do enough research to know these kinds of backdoors in your hardware platform. JTAG is another usual way. Or whatever the phone manufacturer uses to unbrick phones. I think it prudent to assume any sufficiently founded attacker will have unrestricted read/write access.
And why only encrypt real data? Speed gain for no measurable loss in security. At least from the google perspective. Google will rightfully assume customers are using official ROMs and the exact bit patterns of there are publicly available to everyone. So why waste cpu cycles to encrypt them. What could be useful would be integrity protection.
But while a fully integrity protected boot under the control of the enduser would be very nice (with a bootloader that's unlocked but needs a key or password) if only the manufacturer gets to authorise new software it's evil.
Click to expand...
Click to collapse
Yes but as I said any one that would put that effort in would have to get the phone from me (which I carry 24/7) and once I know I no longer have control of it I would (as I said) reset it and sell it. You are basically saying all Full Disk Encryption (including on computers) is useless because someone can modify the bootloader. I hate to say it (and this is not directed to any one in this thread) but only a true ignorant person would fall victim to a evil maid attack, It is common sense NOT to trust something that you lost control of.
My situation is different: I run a non-profit organization and my employees need to carry sensitive data with them. Why risk security with the built in dm-crypt when something like WhisperCore is much better? I don't won't an attacker knowing ANYTHING about the device.
ICS built in encryption is just as useful as Home folder encryption in Linux. Your data may be safe but an attacker can ascertain how much data is there. And in some case use this information to infer what data may be present on the device. This is why most people using encryption use FDE and not just home folder encryption. When you are done there should be absolutely no way for anyone to tell the encrypted partition from random data (wiped data).
No, i'm just saying the full partition encryption of /data is enough on galaxy nexus and that you can't protect from an evil maid attack except by drastic measures after you lost control of your phone.
Understandable but I respectfully disagree. I want FULL DISK Encryption not Partition encryption. Take a look here: http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS#Security_levels
Either way (even if it is secure enough) It's not going to get approved for me to use in a work environment (FIPS 140-2). This is why I need some like WhisperCore. We handle sensitive data at my company.
hello guys,
Im new here,and its of course,because i have a problem i lost all my data from HTC ONE M8 phone.
I read everywhere,that is possible somehow a recovery.,even if i do not have any back up for anything.
so i started step by step,unlock bootloader,root the device,and start with some app from play store..and nothing is working.
do i need to S-OFF the phone?it will work?I will be able to recover something?or simply i should jsut forget about everything.
Im not specialist i jsut want to know if it is possible to recover something or not.if yes,i will be very thankful with who will come with some advices.I was trying all the applications from play,none of them works.thanks.
nobody can help me?
morrientes99 said:
hello guys,
Im new here,and its of course,because i have a problem i lost all my data from HTC ONE M8 phone.
I read everywhere,that is possible somehow a recovery.,even if i do not have any back up for anything.
so i started step by step,unlock bootloader,root the device,and start with some app from play store..and nothing is working.
do i need to S-OFF the phone?it will work?I will be able to recover something?or simply i should jsut forget about everything.
Im not specialist i jsut want to know if it is possible to recover something or not.if yes,i will be very thankful with who will come with some advices.I was trying all the applications from play,none of them works.thanks.
Click to expand...
Click to collapse
nobody can help me?
You misinterpreted the advice. There is a better (although not great) chance of recovering/accessing "lost" data if the phone is bootloader unlocked, custom recovery, root before the data loss occurred. It's too late to do it after the data loss occurred (and you don't describe how you lost the data). Reason being, unlocking the bootloader wipes all data on the phone (for security reasons), so the chance of retrieving anything now is slim to none.
I'm always surprised (and somewhat disturbed) that in this day and age, so many folks don't bother to backup their data. You should be backing up your data, and there is little excuse for not doing so; with so many free and easy solutions (cloud, computer, etc.). If it's important to you, back it up.
I don't use WhatsApp. But if you are talking about Google contacts, the default in Android is to sync all your contacts to the Google "cloud". So unless you intentionally selected to turn off this default (not wise, if you don't have any other backup plans) the data should still be on your Google account. You can go to Gmail on a computer, login using your Google account credentials, and see if the contacts are listed. If so, they will automatically sync back to the M8, or other Android phone when you power it up, and login to your Google account.
redpoint73 said:
You misinterpreted the advice. There is a better (although not great) chance of recovering/accessing "lost" data if the phone is bootloader unlocked, custom recovery, root before the data loss occurred. It's too late to do it after the data loss occurred (and you don't describe how you lost the data). Reason being, unlocking the bootloader wipes all data on the phone (for security reasons), so the chance of retrieving anything now is slim to none.
I'm always surprised (and somewhat disturbed) that in this day and age, so many folks don't bother to backup their data. You should be backing up your data, and there is little excuse for not doing so; with so many free and easy solutions (cloud, computer, etc.). If it's important to you, back it up.
I don't use WhatsApp. But if you are talking about Google contacts, the default in Android is to sync all your contacts to the Google "cloud". So unless you intentionally selected to turn off this default (not wise, if you don't have any other backup plans) the data should still be on your Google account. You can go to Gmail on a computer, login using your Google account credentials, and see if the contacts are listed. If so, they will automatically sync back to the M8, or other Android phone when you power it up, and login to your Google account.
Click to expand...
Click to collapse
it s hard to explain how i lost all data..i was in a trip in thailand,and i was jsut charging the phone,with wifi turned on.when i got back to the room,all the application were updating,and after i realised that i have no contacts. Back up,yeah.its my fault.but now is too late..since i have a smartphone.i dont know..10 years,i never lost my data,or phone..so thats why i was not thinking too much for a back up.there are a lot of application on internet..like android recovery data,for example(paid)but they are not working..they are such big liars?imagine,they are saying they recover any data,from all htc,ur paying,and recoverng nothing
morrientes99 said:
since i have a smartphone.i dont know..10 years,i never lost my data,or phone..so thats why i was not thinking too much for a back up.
Click to expand...
Click to collapse
That's the wrong way to think about a backup plan. You have one, in the hopes that you never need it.
So you never had a problem for 10 years (I can pretty much say the same), but now you do, and you wished you backed up, right? So now it really doesn't matter how long you didn't have an issue, does it?
Not sure where you're from. But one example, where I live, it's customary if you own a home, you have home insurance. You don't think to yourself "Well, my house hasn't burned down in the last few years, so I don't need insurance."
These storage on devices are volatile at best. Storage can go corrupt for any number of reasons. Or you can lose your phone, have it stolen, or it can be broken. "I've been lucky for a long time" is not a good backup plan.
morrientes99 said:
there are a lot of application on internet..like android recovery data,for example(paid)but they are not working..they are such big liars?imagine,they are saying they recover any data,from all htc,ur paying,and recoverng nothing
Click to expand...
Click to collapse
Recovering data is always just a possibility at best.
If you are talking about trying these apps after unlocking the bootloader, there is nothing to recover, it's been intentionally wiped by the bootloader unlock process. The purpose of this, is to prevent thieves from recovering your personal data from a stolen or lost phone. The whole point of your data being wiped, is that it can't be recovered.
Even if you tried some of these apps before unlocking the bootloader, the possibility of recovering data is always questionable, at best. Usually, the usefulness of these apps is just find data that has been accidentally "deleted" by the user. This data is fact not really deleted, it just gets renamed, until those blocks of memory are needed. Then it gets over-written with new data, and once that happens, the data can't be recovered. So the more you use your phone while trying to "recover" data, the higher the possibility that the data is over-written, and can't be recovered.
There are software and services for (truly) recovering over-written data, of the type that professionals and law enforcement use. They can read the "ghost" data traces even after a file has been wiped or over-written. But those cost hundreds, maybe thousands of dollars to recover that data. Not worth it for regular folks just trying to retrieve their personal data.
redpoint73 said:
That's the wrong way to think about a backup plan. You have one, in the hopes that you never need it.
So you never had a problem for 10 years (I can pretty much say the same), but now you do, and you wished you backed up, right? So now it really doesn't matter how long you didn't have an issue, does it?
Not sure where you're from. But one example, where I live, it's customary if you own a home, you have home insurance. You don't think to yourself "Well, my house hasn't burned down in the last few years, so I don't need insurance."
These storage on devices are volatile at best. Storage can go corrupt for any number of reasons. Or you can lose your phone, have it stolen, or it can be broken. "I've been lucky for a long time" is not a good backup plan.
Recovering data is always just a possibility at best.
If you are talking about trying these apps after unlocking the bootloader, there is nothing to recover, it's been intentionally wiped by the bootloader unlock process. The purpose of this, is to prevent thieves from recovering your personal data from a stolen or lost phone. The whole point of your data being wiped, is that it can't be recovered.
Even if you tried some of these apps before unlocking the bootloader, the possibility of recovering data is always questionable, at best. Usually, the usefulness of these apps is just find data that has been accidentally "deleted" by the user. This data is fact not really deleted, it just gets renamed, until those blocks of memory are needed. Then it gets over-written with new data, and once that happens, the data can't be recovered. So the more you use your phone while trying to "recover" data, the higher the possibility that the data is over-written, and can't be recovered.
There are software and services for (truly) recovering over-written data, of the type that professionals and law enforcement use. They can read the "ghost" data traces even after a file has been wiped or over-written. But those cost hundreds, maybe thousands of dollars to recover that data. Not worth it for regular folks just trying to retrieve their personal data.
Click to expand...
Click to collapse
my concern was regarding the possibility of recovering data,not if its good/or bad to have a back up..i was loosing contacts and I survived..now all people are on facebook,so phone numbers,are not so important..but thanks about second part of ur post,which is connected with my problem,regarding insurances,and back ups,its another topic..its not about country where ur living,its about mentality..there are people who are making insurance each time they have the chance(because of course its good all the time to be insured),and there are people more relaxed, who are assuming this risks..of course,u will never know which is the best way..i heard more people insured,who never had any problem,than people not insured with problems
morrientes99 said:
my concern was regarding the possibility of recovering data,not if its good/or bad to have a back up..but thanks about second part of ur post,which is connected with my problem,regarding insurances,and back ups,its another topic..its not about country where ur living,its about mentality..
Click to expand...
Click to collapse
I answered your question, and trying to get you to learn from the experience. Which in the long run is just as important, if not more so, than the immediate question.
Your point about a "choice" about a backup plan is not really much of a choice, at all. Backing up data is a no-brainer and everyone should do it, as there are a variety of free and easy methods available, that once setup require little interaction by you. There is not excuse not to.
The Internal memory is encrypted by default, But i cannot find a way to encrypt the micro-sd card and that`s where i store all my data, photo`s, video`s ect.
If i loose my phone or it`s stolen the micro-sd can easly be removed and read on multitude of devices.
So what am i missing, Maybe i am blind and have missed the option.
Thanks.
Backup Rule #1 Never encrypt backup data.
YOU are the one most likely to get locked out, permanently.
No one will be able to recover the data if this happens, you will be boned.
Meh anyone trying to steal my phone will see red... and lots of it.
Don't flash your phone when out and about. Stay in real time were your attention needs to be!!!
Phone in pocket, out of sight.
Never lay the phone down; get in the habit of putting it in your pocket in unsecured locations.
If the data is that sensitive it probably shouldn't be on the phone...
Always have redundant safeguards for if the data is compromised. Plan ahead!
A rootkit could turn your Android into an open book...
Hello,
As the title says, I have an issue with A5 2017 that has Android 8? and current software is A520FXXUGCTKA.
Girlfriend used it before the new phone she got, transferred most of the data, SIM and SD card but A5 suddenly went into some kind of lock.
"Your device was reset recently and it needs PIN to be unlocked. You can't use fingerprint until you unlock it with PIN" - something along those lines.
Is it possible to unlock or flash some recovery to bypass that lock? She already tried a ton of different pins and still can't unlock it - only makes the timer go up.
The phone is not stolen or anything like that. My girlfriend genuinely needs leftover data from there to transfer to new phone.
Hope I am not breaking any rules and if you have any more questions or need more info, feel free to ask me.
Someone may have a better Plan.
The data may be lost if not.
Meh... always redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC.
blackhawk said:
Someone may have a better Plan.
The data may be lost if not.
Meh... always redundantly backup critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC.
Click to expand...
Click to collapse
Your backup plan is easier said then done when a person is not that knowledgeable in tech realm.
She didn't care about backups but she always kept pictures and small amounts of data on a laptop.
Anyway, would you recommend any of the "unlocker apps" you linked?
GhostFella said:
Your backup plan is easier said then done when a person is not that knowledgeable in tech realm.
She didn't care about backups but she always kept pictures and small amounts of data on a laptop.
Anyway, would you recommend any of the "unlocker apps" you linked?
Click to expand...
Click to collapse
I was completely computer illiterate in 2004.
Completely Android stupid in 2014. You identify what you need to do and go from there. If you play with what you need to learn, you will learn it.
One needs to learn about hardware as well to make good choices.
There are no shortcuts, it takes time.
One of the first priorities should be data backup. That's one of the main reasons to use a computer, to catalog and store data.
There are only two types of computer users, ones that have lost data, and those that will.
Being of the former group I can safely say that you can never have too many backup hdds and drives.
As for unlocker apps, no clue. I have done everything I can to avoid that unpleasant situation.
blackhawk said:
I was completely computer illiterate in 2004.
Completely Android stupid in 2014. You identify what you need to do and go from there. If you play with what you need to learn, you will learn it.
One needs to learn about hardware as well to make good choices.
There are no shortcuts, it takes time.
One of the first priorities should be data backup. That's one of the main reasons to use a computer, to catalog and store data.
There are only two types of computer users, ones that have lost data, and those that will.
Being of the former group I can safely say that you can never have too many backup hdds and drives.
Click to expand...
Click to collapse
You are completely lost in helping people aren't you?
The point and main question of the post was "(if possible) how to recover data or remove pin lock from [model] phone".
If you wish to reply, please keep on the subject and main question as I am not interested in how YOU got literate in computers.
GhostFella said:
You are completely lost in helping people aren't you?
The point and main question of the post was "(if possible) how to recover data or remove pin lock from [model] phone".
If you wish to reply, please keep on the subject and main question as I am not interested in how YOU got literate in computers.
Click to expand...
Click to collapse
Really? I think the data is already lost.
The reason you're in this situation is because you choose to be. Actions or lack of, have consequences.
Most things can't be fixed after they're broke.
Was trying to show you how not to become the definition of insane. Past vs future.
Sound familiar?
I'm always the pragmatist at a bonfire...