Want To Ensure Your Personal Android Data Is Truly Wiped? Turn On Encryption 91
MojoKid writes We've been around the block enough times to know that outside of shredding a storage medium, all data is recoverable. It's just matter of time, money, and effort. However, it was still sobering to find out exactly how much data security firm Avast was able to recover from Android devices it purchased from eBay, which included everything from naked selfies to even a completed loan application. Does this mean we shouldn't ever sell the old handset? Luckily, the answer is no. Avast's self-serving study was to promote its Anti-Theft app available on Google Play. The free app comes with a wipe feature that overwrites all files, thereby making them invisible to casual recovery methods. That's one approach. There's another solution that's incredibly easy and doesn't require downloading and installing anything. Before you sell your Android phone on eBay, Craigslist, or wherever, enable encryption and wait for it to encrypt the on board storage. After that, perform a wipe and reset as normal, which will obliterate the encryption key and ensure the data on your device can't be read. This may not work on certain devices, which will ask you to decrypt data before wiping but most should follow this convention just fine.
Re: (Score:1)
I'd nuke it from orbit...
Re:And then throw it in a fire (Score:5, Informative)
This.
What is the value of a used device? Compare that to the risk of the data on that device going to a malevolent third party.
I've had people saying "oh, look at all these hard drives, you should totally sell them on ebay and I bet you could get $10 apiece for them!" Adding up the time I would waste running DBAN or sdelete or whatever, and keeping track of which ones have been wiped, and double checking to make sure everything is really gone, it's not worth the time.
A big hammer and a punch, driven deeply through the thin aluminum cover and down the platter area, takes about a second and leaves nothing anybody would bother trying to recover. You can quickly look at a drive and say "yes, this drive has been taken care of", or "hey, there's no jagged hole here, this drive isn't destroyed." The aluminum cover contains the shards if the platters are glass. I don't care who handles them after destruction. There's no worries about toxic smoke. And if you have to inventory them before shipping them to a recycler, the serial numbers are still readable.
Smashing a phone wouldn't destroy the data on the chips, so a fire is a somewhat safer option.
Re: (Score:1)
course, there is the risk of physical damage to your hand using your data destruction method...
Re: (Score:2)
As far as I know, the hardware is no different than a standard platter drive and since most phones can be mounted to and read/written from a normal PC, I really see no reason why you couldn't use a secure rewrite with something like CCleaner or even use killdisk if you want to WIPE the phone. Don't quote me on it, because I've never tried myself on a phone but I would think it is fine.
Most people who say to "destroy" the drive are just being overly cautious. For anything that does multiple overwrites on a
Re: (Score:2)
You don't know very far then, do you? But yes, a secure rewrite of the full device should wipe the flash to the point where some serious lab equipment is needed to recover anything from the device.
Re: (Score:2)
That would be why I posted that caveat... Obviously it isn't a 3.5'' or a 2.5'' platter drive, those are literally bigger than the phones most of the time, but conceptually it is the same principles for OS data storage and access (probably isn't using magnetic platters, but neither do SSDs and you can do the same things to both).
Re: (Score:1)
I very regularly need to physically destroy hard disks, and depending on the vendor, it's actually rather tough - especially 15K SCSI jobbies which, due to the rotational speed require very sturdy housings.
Couple of weeks ago I had to wreck 3 dozen old worthless drives - even with running water to keep the bit cool, I still went through 4 tungsten bits.
Re: (Score:1)
Sadly I only have a
Re: (Score:3)
What is the value of a used device? Compare that to the risk of the data on that device going to a malevolent third party.
That depends on the device. The fact that you liken them to a $10 harddisk is a problem for your argument. A Galaxy S4 fetches some $300 used on ebay. A Galaxy S4 with a broken screen is still fetching some $150+
That's the value of a used device. Now take $300 in your hand right now, hold a lighter under it and ask yourself, would you light it up right now to maybe protect the data on your phone from the slight chance that someone wants the phone for your secrets rather than as a replacement for the one the
Re: (Score:2)
I don't think you considered the depth of the question: what is the risk? Could your device contain credit card information? Could it have your social security numbers? Could it have a way to access your bank account? Your retirement accounts? Your brokerage accounts? A lot of your personal finances could be at risk. Are you wealthy enough to be worth kidnapping, and if so, could the device provide access to your family's panic room, or to your alarm system? What about medical information? Assign
Re: (Score:2)
I don't think you considered the depth of the question: what is the risk? Could your device contain credit card information? Could it have your social security numbers? Could it have a way to access your bank account? Your retirement accounts? Your brokerage accounts? A lot of your personal finances could be at risk. Are you wealthy enough to be worth kidnapping, and if so, could the device provide access to your family's panic room, or to your alarm system? What about medical information?
My device *could* also be used as a sex toy, be implicated in the murder of someone by blunt force trauma, or contain state secrets. Why not rephrase the question, rather than asking "could" it contain, ask "does" it contain.
Now, divide by the likelihood your device will be compromised - you might estimate that tens of millions of devices are recycled each year, and you might figure a hundred thousand are handled by people who would like to steal from them, giving you roughly a 1 in 100 chance of having your device compromised. Would you bet the information above on those odds for $300?
Yes, because your hypothetical doomsday scenario doesn't apply to the device. Now lets look at something more realistic. The vast majority of devices will leak personal information. It has my name and address, it has nickname and email accounts. Would I risk a 1 in 100 chance despite ho
Re:And then throw it in a fire (Score:5, Funny)
Re: (Score:2)
What is this android thing? (Score:2)
Free space (Score:4, Insightful)
Re: (Score:2)
Re: (Score:3)
That's the point.
The point is not to enable encryption for day-to-day use of your phone (because Android forces you to have a PIN or password at a minimum, no more facial recognition), and given how inconvenient th
Re: (Score:2)
Android encryption is done on a partition basis - so the entire partition is going to get clobbered by the encryption process.
The only way data might "leak" out of this is if the eMMC wear leveller saves off the information somewhere - but this requires a pretty sophisticated attacker to recover. Also, Android's wiping facility has done an eMMC secure erase since ICS (exception - Samsung Galaxy S2 family does either a standard format or a nonsecure erase, since firing a secure erase at Samsung's defective
srm -v -z (Score:1)
5 random passes.
27 passes with special values defined by Peter Gutmann.
Rename the file to a random value
Truncate the file
viola !
Re: (Score:1)
viola
I do not think this word means what you think it means.
Re: (Score:2)
Re:srm -v -z (Score:5, Insightful)
The "special values" were from Guttmann's paper on wiping MFM/RLL drives. It is pointless on any modern magnetic drive or solid state memory. He points out in his newer paper on solid-state memories that multi-level flash (now used everywhere other than the most performance critical applications) is particularly hard to recover data from. Furthermore, the wear-leveling strategies used in flash mass storage devices negates any attempt to securely wipe them short of physical destruction. You're just practicing cult cargo voodoo.
Re:srm -v -z (Score:4, Interesting)
>Furthermore, the wear-leveling strategies used in flash mass storage devices negates any attempt to securely wipe them short of physical destruction.
Well, it confounds it at any rate. But completely filling the device's memory 33 times in a row is pretty likely to overwrite everything at least once or twice - even the hidden "failure reserve" space if it's included in the wear leveling (and if it's not, then it doesn't yet hold any sensitive data, so there's no problem). Guttmann's values may be irrelevant to today's storage media, but that many repeated rewrites of anything still mostly does the job.
I don't know that I'd trust it to wipe vital military secrets, but it should do a good enough job for most anything in the civilian realm.
Re: (Score:3)
Well, it confounds it at any rate. But completely filling the device's memory 33 times in a row is pretty likely to overwrite everything at least once or twice - even the hidden "failure reserve" space if it's included in the wear leveling (and if it's not, then it doesn't yet hold any sensitive data, so there's no problem). Guttmann's values may be irrelevant to today's storage media, but that many repeated rewrites of anything still mostly does the job.
If you were an engineer in charge of destroying data printed on paper, and you decided on shred then burn then stir the ashes in water, how many times would you repeat the cycle in order to be sure the data was destroyed? Hint: if your recommendation is greater than one (in order to be pretty sure), check your job title, because you're probably Dilbert's pointy-haired boss.
Drives today work almost nothing like the drives of 20 years ago. They don't paint bit-bit-bit in a stripe, they encode a set of bits in
Re:srm -v -z (Score:4, Informative)
Not quite - modern magnetic drives still have tracks wider than the read-write head so that atomic-level alignment isn't necessary. There may be far less "overwrite" than there once was, but if a newly recorded track is not *perfectly* aligned with the last recording then there may well be several percent of the previously recorded track that remains unaltered (consider the worst case scenario case that the previous recording in this track was written at the smallest radius allowed by actuator tolerances, while this pass is at the maximum radius allowed). Now, recovering that data will probably require removing the platters and analyzing them with much higher resolution read heads, but it can be done.
I was more addressing the problems with flash though - in order to disguise degradation modern flash drives typically include more capacity than is addressable by the host system. Fill it to the brim so there are zero bytes free, and there's still several percent of the total drive capacity that is sitting unused in the reserve pool. The only way to overwrite that (barring a OS-accessible "secure wipe" command implemented on the drive) is to generate sufficient churn that the internal wear leveling algorithms cycle through every byte of the reserve capacity at least once. And since you probably don't know the exact algorithm used or wear levels of the drive to begin with, more is better - after all you have to tease out the most heavily used page currently sitting in the reserve.
Re: (Score:3)
This is not required.
https://security.web.cern.ch/s... [web.cern.ch] is relevant.
This actually investigates the physics behind overwriting - in short - once is quite enough today.
There are concerns about reallocated space on hard disks - but 99.99% of the data has gone
away, and recovering the rest is at best expensive.
Dupe? (Score:1)
Re: (Score:3)
Followup, not dupe. The post you referenced is also referenced in the summary.
Encryption should be used WHILE you own it... (Score:1)
It's just too bad that it makes your android device run like complete sh!t.
Comment removed (Score:5, Insightful)
Re: (Score:2)
Re:Full-disk wipe or only current data? (Score:5, Informative)
According to the android documentation it is full-disk encryption [android.com] based on dm-crypt.
Re: (Score:1)
Who gives a shit what the documentation says. Actual implementation is what matters. Do you really trust a mobile platform to be faithful to the documentation when you're trying to wipe a partition (which could easily be implemented directly but isn't) by first encrypting all data and then throwing away the key? Various recoveries silently switched from imaging to archiving for their backup functions (and then fail to restore because they don't handle all aspects of the filesystem), and even though they off
Re:Full-disk wipe or only current data? (Score:5, Insightful)
Who gives a shit what the documentation says. Actual implementation is what matters.
Absolutely. So, look at the source: https://android.googlesource.c... [googlesource.com]
That file contains the code that generates the master key, derives the key encryption key used to protect it (using scrypt), stores the protected master key, and configures dm_crypt with the master key.
Some functions to look at:
- create_encrypted_random_key(), which creates the master key (reading from /dev/urandom).
- encrypt_master_key(), which derives a KEK from your password and uses it to encrypt the master key.
- decrypt_master_key(), which does the reverse.
- create_crypto_blk_dev(), which creates dm_crypt block device.
- cryptfs_setup_volume(), which mounts an encrypted block device.
- cryptfs_enable_inplace(), which encrypts an existing file system.
Do you really trust a mobile platform to be faithful to the documentation when you're trying to wipe a partition (which could easily be implemented directly but isn't) by first encrypting all data and then throwing away the key?
The device doesn't know you're trying to wipe. It knows that you (a) requested full disk encryption and then later (b) requested a wipe. So it can't optimize (a) away. I suppose it's possible it could just lie and tell you "Yep, I'm encrypting" even though it isn't, but that's the sort of thing that would definitely get noticed by security analysts and gleefully published.
"It's just matter of time, money, and effort." (Score:5, Interesting)
It's well established that plenty of consumers discard or donate hard disks without taking any precautions, and are playing roulette with their identity. It's also well established that hundreds of millions of tons of this equipment is replaced, resold, stolen or discarded, and most people who wind up with the secondary device lack either the time, money, or effort to scavenge data off the phone. If in fact someone is in the identity theft business by buying phones on ebay, they'd profile themselves pretty well after a dozen phone purchases (what do these data-theft-victims have in common?). And who knows how many phones they'd have to buy which had been wiped in some way (and required more time, money and effort)?
This isn't a bad article in that it birddogs simple things you can do before selling your used phone, and if it elevates the perception of risk in order to get people to do something easy, that's appropriate. But in response to people who are shooting and burning their devices to be "100% sure" that no one spends the time, money and effort to follow them... that's appropriate if you are a high risk target. If you have stuff on your phone of interest to the FBI or KGB, the amount of time+money+effort may be less than or = the amount of risk. Your call.
But there is a lot of hyperbole out there about the percentage of identity theft which is traced to secondary market devices, and the billions of dollars in secondary market sales on sites like ebay represent time+money+effort interest in new product makers to spend fanning flames. Again it's appropriate that the article raises concerns and then points to simple efforts a consumer can take to increase the barrier-to-entry to their personal data. But the army of ebay buyers getting their porn fixes by buying and then de-encrypting cell phones to retrieve ugly selfies seems exaggerated. Warn people about sharks if they are swimming in shark infested waters, don't tell people that most swimmers will be attacked by sharks.
Tear your mail in 8 pieces and someone could dig it out of the trash and tape it together, but the time+money+effort that represents is significant. I remember people selling paper shredding equipment in the 1990s who described armies of Iranian students or Chinese peasants who could be buying torn paper and taping it back together. If they know it's the President of the USA's mail, they no doubt will expend that time+money+effort... Presidents should assume they are swimming in a shark tank. For most of us, ebay resales are a swimming pool, and warnings of shark attacks get tiresome.
usually will not do the sdcard partition (Score:3)
Last time I checked the standard Android encryption will not do the sdcard partition (I mean not the physical card, but the partition on the internal flash, usually the biggest chunk of it, like let's say 11 out of 16GB). YES, some manufacturers like Samsung and Motorola (possibly many more) have their own solution (I bet a really crappy one but never mind that) and it would do mostly everything, including the big sdcard partition and (if needed) even the physical sdcard.
Anyway bottom line is that:
a. depending on the phone you might not be able to encrypt at all /sdcard
b. ANY activity, including storing random (non-private) crap on the phone and then removing it helps. However, this is no maggic bullet.
Re: (Score:2)
Last time I checked the standard Android encryption will not do the sdcard partition (I mean not the physical card, but the partition on the internal flash, usually the biggest chunk of it, like let's say 11 out of 16GB).
I'm pretty sure that's not true, because it would make device encryption pretty much useless. A glance at the code certainly appears to show that it encrypts all volumes, but maybe /sdcard somehow gets excluded from the list? I'll ask my colleague, who "owns" disk encryption for Android at Google, tomorrow and post a followup.
I'll also note that none of the devices I have handy (Galaxy Nexus, Nexus 4, Nexus 5, Nexus 7 1st & 2nd gen, Nexus 10, Moto X, Moto RAZR M, Samsung Note 2) even have an /sdcard p
Re: (Score:2)
Yeah, we're fully aware of the problem. Improvements are in the pipeline. I'm not sure I can disclose what, exactly, although there's obviously no reason to be secretive about this.
"overwrites all files" How Many Times? (Score:2)
Re: (Score:2)
Doesn't really matter - nobody has ever successfully recovered information from magnetic history like that.
There was a $1m prize for nearly a decade and not one "recovery" company could claim it.
Once a bit on a magnetic / solid state device is overwritten, that's your lot. Now, whether you overwrite ALL bits or not (e.g. reserved areas, replacement sectors, etc.) is another question entirely.
Re: (Score:2)
You can be pedantic, and replace with "electromagnetic history" if you like, but to be honest - apart from pedantry - it just makes the case more. And I do mention "solid-state" in the next paragraph.
You can't tell what a bit held on a memory storage device held historically with ANY degree of accuracy at all. Flash memory even less so than 40-year-old hard drives, in fact.
Re: (Score:2)
Go ahead, try to convince a homeopath [homeopathy-soh.org] that there's no memory of stuff that's no longer there!
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
My understanding is that in the old days of 20mb hard drives, storage densities were sufficiently low that even after one pass someone might be able to recover the data with at least some degree of fidelity. Once we entered the world of gigabyte drives, densities are so high that it's all but impossible to recover any data after even a single pass wipe
Re: (Score:2)
Re: (Score:2)
Back in the days of MFM drives (and the previous decades), is was needed. But that was because there was space on the media that wasn't actively used for bits, and so would leave traces. Such waste was eliminated long ago in the quest for ever-larger drives.
Re: (Score:2)
There is still a gap between tracks in today's drives; just nowhere near as much so whatever signal might be available on the fringes will be much weaker.
The real killer for PRML-based drives is that to cope with the amount of noise the head receives from nearby tracks, the coding itself relies on statistical analysis to reconstruct the data. Whatever signal might be on the fringe will be some blend of the old data under the current track, the new data, data on the tracks to either side, the previous data o
Re: (Score:2)
Right - there's a physical gap, but there's no redundancy there, as there's no magnetic gap - infact as you noted there's actually overlap needing cleverness to sort out on a normal read.
Re: (Score:2)
The overlap region between ideal track centers is still somewhat of a gap; albeit not a dead/silent one.
There will still be some residual information in there due to head deviations from the ideal path and when solving complex puzzles like reconstructing overwritten PRML blocks, every little extra hint counts.
I have little doubt it is possible to recover at least some data from PRML drives that have been erased once, maybe twice. But the process would probably require the precision and sensitivity of someth
Unsafe Advice (Score:5, Informative)
Any marginal blocks mapped out before you encrypt will remain unencrypted and may be available to a determined attacker. Same goes for hard drives, and SATA secure erase is not provably trustworthy. Always encrypt your storage before you put any data on it. If you do not trust your hardware AES to not be backdoored then use software crypto.
Re: (Score:2)
Any marginal blocks mapped out before you encrypt will remain unencrypted and may be available to a determined attacker. Same goes for hard drives, and SATA secure erase is not provably trustworthy. Always encrypt your storage before you put any data on it. If you do not trust your hardware AES to not be backdoored then use software crypto.
Yes, the safest approach is to enable encryption just after you get the device (after using it for a few minutes to accumulate some randomness in the Linux randomness pool, so you get a good key). If you don't, totally wiping it is more or less impossible, though the odds of anything significant surviving either the normal wipe or the encrypt & wipe (which probably won't actually do any more than the wipe) are pretty small.
take blank video (Score:2)
and use up all free space. repeat again. Assumes you are saving things to internal "sdcard" and not the external.
Meanwhile in iOS land (Score:2, Flamebait)
In iOS, when the factory reset is performed the key is removed so when the phone is reset and tied to a new account a new key is generated which is unable to access the old content. I'd rather the content was erased first, just in case some exploit is uncovered that can get at that key, but it's better than what Android has.
To expect an Android user to know that they must first encrypt the phone then do a factory reset if they want their data actually erased is absurd. Does Google not share the same view as
Re: (Score:1)
Dupe: Why is this even an article? (Score:1)
What else is new? (Score:2)
Whenever we take hard drives out of service we run a secure wipe if we are able to so they can be handed down.
There seem to be a few utilities in the app store to securely wipe storage however would have been really nice if this was an option user is presented with when wiping their device.
I personally wouldn't store anything worth protecting on a mobile phone (including device encryption keys) I don't trust myself not to screw it up... any passible security measure (linked to device key chain) would be wa
all data is recoverable - unless you're the IRS (Score:3)
"all data is recoverable"
Wanna bet? -- Lois Lerner
Clueless (Score:2)
You're using an operating system built by an advertising company and you expect privacy?
Just throw it in the blender... (Score:2)
I'd use encryption if... (Score:3)
...if it didn't force me to also use an alphanumeric password on my new phone. It's got a fingerprint scanner. I want to use that to unlock my phone. But that's disabled if I turn on encryption. Same with my new tablet. So no encryption for me on these devices. Both of my previous devices were content with a PIN which is considered as secure as the fingerprint scanner. Seems ridiculous that I can't determine the level of risk I'm comfortable with.
Re: (Score:2)
The better solution is to use a Windows Phone. You can be sure no one will want to buy that on ebay ;-)
Re: (Score:2)
A dirt-cheap, little used phone more secure than Android? that feels like a good idea.
Re: (Score:2)
What encryption is used? If there's no major flaw in the algorithm that can simplify the breaking by many orders of magnitude, and if compared to what we can break now the thing is 2^64 or 2^128 times harder to break (or some measure worse than that), good luck with that, even in 20 years.
Re: (Score:2)
If everyone did the same to all things..
When you pack and move, tear down your house with a jackhammer, sledgehammer etc.
When you divorce, murder your wife.
When your Windows laptop is slow because of malware and lack of RAM, pour gasoline on it and set it on fire.
Broke a windshield, take your car to a junkyard and have it compressed to a very small cube.
After you had dinner, empty your fridge and flush everything you didn't eat in the toilet.