500-630 million Android phones open to post-wipe data recovery

iConnected · May 22, 2015

Interesting article on the The Register today:

http://www.theregister.co.uk/2015/05/22/factory_reset_fails_in_half_a_billion_android_phones/

Issue reportedly allows recovery of, for example:

- Tokens for Google, Facebook and others
- Data including SMS, photos and videos

SlCKB0Y · May 22, 2015

iConnected said:
Interesting article on the The Register today:

It's not really interesting at all.

Seems to just try and be controversial which is the only reason it has been reposted here as well.

iConnected · May 22, 2015

SlCKB0Y said:
It's not really interesting at all.

Seems to just try and be controversial which is the only reason it has been reposted here as well.

Thank you for your opinion and incorrect allegation.

diamond.g · May 22, 2015

So what Nexus device did they test? They also mentioned enabling FDE would likely thwart the data recovery attempt.

EDIT: So they had 3 Nexus 4's, but chose not update it to 4.4 so they could see if the flaw persists. :/

From PDF said:
Other devices in our sample for which we do not present
results (too few devices) include the Motorola Defy (Eclair,
v2.1.x), Nexus 4 and Nexus 5 (KitKat, v4.4).

iConnected · May 22, 2015

diamond.g said:
They also mentioned enabling FDE would likely thwart the data recovery attempt.

The researchers reportedly said: "Full-disk encryption has the potential to mitigate the problem, but we found that a flawed factory reset leaves behind enough data for the encryption key to be recovered."

The Reg journalist ended with: "this author suggests users may be able to counter the attack by enabling full disk encryption and creating very long complex passwords just before handsets are wiped for sale in a bid to make brute forcing of keys impractical"

jamezr · May 22, 2015

iConnected said:
The researchers reportedly said: "Full-disk encryption has the potential to mitigate the problem, but we found that a flawed factory reset leaves behind enough data for the encryption key to be recovered."

The Reg journalist ended with: "this author suggests users may be able to counter the attack by enabling full disk encryption and creating very long complex passwords just before handsets are wiped for sale in a bid to make brute forcing of keys impractical"

I am glad you are so concerned for Android phones! I am sure your motives are in the right place. Because you are such a regular contributor to the alternative section I am sure you don't have ulterior motives at all!

Did you see this IOS vulnerability?
The thing about exploits and vulnerabilities..........ALL software has them.

http://www.forbes.com/sites/thomasbrewster/2015/02/19/ios-copycat-app-vulnerability/

iConnected · May 22, 2015

jamezr said:
I am glad you are so concerned for Android phones! I am sure your motives are in the right place. Because you are such a regular contributor to the alternative section I am sure you don't have ulterior motives at all!

Oh for goodness sake.

I don't use alternatives to iOS myself, so don't normally have anything to contribute here.

Does that offend you? If so, I apologise.

I noticed and read the article because I have family members who do have older Android phones and who regularly turn to me for advice. (The fact that all I end up doing is reading their manuals out loud to them seems to keep escaping them).

I personally found the information in it interesting. Please excuse me for that.

And I noted that it offered practical advice, which I will follow when my family members eventually ask me how they should best go about disposing of their old Android phones.

I thought others might be similarly interested and/or find the advice similarly useful. Those were my only motives. And I thought this was the most relevant place on the MR forums to share it.

Does that offend you? If so, I apologise again.

jamezr · May 22, 2015

iConnected said:
Oh for goodness sake.

I don't use alternatives to iOS myself, so don't normally have anything to contribute here.

Does that offend you? If so, I apologise.

I noticed and read the article because I have family members who do have older Android phones and who regularly turn to me for advice. (The fact that all I end up doing is reading their manuals out loud to them seems to keep escaping them).

I personally found the information in it interesting. Please excuse me for that.

And I noted that it offered practical advice, which I will follow when my family members eventually ask me how they should best go about disposing of their old Android phones.

I thought others might be similarly interested and/or find the advice similarly useful. Those were my only motives. And I thought this was the most relevant place on the MR forums to share it.

Does that offend you? If so, I apologise again.

So the vulnerability I posted for you for IOS. Are you going to post in the IOS section? Your so concerned about the security of people mobile phones in all that!
Why not? Does my calling you out offend you? Keeping you honest about your motives offend you? See how that stuff works in reverse? So run along and post the threat I gave you for all of your ifriends to see since your so concerned for people.

diamond.g · May 22, 2015

iConnected said:
The researchers reportedly said: "Full-disk encryption has the potential to mitigate the problem, but we found that a flawed factory reset leaves behind enough data for the encryption key to be recovered."

The Reg journalist ended with: "this author suggests users may be able to counter the attack by enabling full disk encryption and creating very long complex passwords just before handsets are wiped for sale in a bid to make brute forcing of keys impractical"

Yeah I ended up reading the report. I would recommend anyone with an older Android device that isn't a Nexus (4 or greater) get a newer device as most of the OEM's don't upgrade. Of course without them releasing the results of the 4.4+ devices it is hard to say if the issue persists.

iConnected · May 22, 2015

jamezr said:
Does my calling you out offend you? Keeping you honest about your motives offend you? See how that stuff works in reverse?

You are not demonstrating anything in reverse.

You challenged my motives based on your own false assumptions. You caused offence by doing so. And you were wrong.

And I'm not sure why you think it would be "news" to anyone if I, you or anyone else posted information elsewhere about an iOS vulnerability that was written about over 3 months ago.

Enough with your silly trolling.

jamezr · May 22, 2015

iConnected said:
You are not demonstrating anything in reverse.

You challenged my motives based on your own false assumptions. You caused offence by doing so. And you were wrong.

And I'm not sure why you think it would be "news" to anyone if I, you or anyone else posted information elsewhere about an iOS vulnerability that was written about over 3 months ago.

Enough with your silly trolling.

No I am a regular here in this section....you are not and your only goal in posting this is to inflame and post misinformation.
tell me how many other security type postings have you ever made? Thought so.... Then did you post the IOS security threat I gave you? Thought so...your agenda is quite iclear.

balamw · May 22, 2015

MOD NOTE: Please knock off the useless bickering. Thread isn't productive at this point.

B

Search

Search

500-630 million Android phones open to post-wipe data recovery

iConnected

macrumors 6502a

SlCKB0Y

macrumors 68040

iConnected

macrumors 6502a

diamond.g

macrumors G4

iConnected

macrumors 6502a

jamezr

macrumors P6

iConnected

macrumors 6502a

jamezr

macrumors P6

diamond.g

macrumors G4

iConnected

macrumors 6502a

jamezr

macrumors P6

balamw

Moderator emeritus

Our Staff