

Sunday, May 24, 2015

Android Factory Reset : How trustworthy from a PRIVACY view?

1.  It is an accepted fact that one can remove all data from an Android device by resetting it to factory settings, or doing a "force reset." One can do so either by using the Settings menu to erase all data or by using the Recovery menu. It is also understood that performing a factory data reset wipes all data, such as app data, photos and music, from the device. In most cases this reset is needed for maintenance or when the user decides to sell the phone to a third party. A user who does a factory reset to be sure that all his/her data is removed from the phone should know of a sad angle recently revealed in a paper named "Security Analysis of Android Factory Resets" by Laurent Simon and Ross Anderson of the University of Cambridge, available at http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf, which shows with technical demonstrations that the data and the privacy of accounts do not necessarily go with the reset. Read on for brief details...

2.  Even with full-disk encryption in play, researchers found that a factory reset on Android smartphones isn't always as safe as it's assumed to be. Researchers found that the file storing decryption keys on devices was not erased during the factory reset, and they were successfully able to access data on "wiped" Android devices from a wide variety of sources, including text messages, images, video, and even third-party applications. What's more, researchers were able to "recover Google authentication tokens", thereby enabling them to sync up any data a user had tied to Google's services, including private emails. The study unveils five critical failures:

- the lack of Android support for proper deletion of the data partition in v2.3.x devices;

- the incompleteness of upgrades pushed to flawed devices by vendors;

- the lack of driver support for proper deletion shipped by vendors in newer devices (e.g. on v4.[1,2,3]);

- the lack of Android support for proper deletion of the internal and external SD card in all OS versions;

- the fragility of full-disk encryption to mitigate those problems up to Android v4.4 (KitKat).

RECOVERY DETAILS OF DATA BY RESEARCHERS

ATTRIBUTED REASON

3.   Smartphones use flash for their non-volatile memory storage because it is fast, cheap and small. Flash memory is usually arranged in pages and blocks. The CPU can read or write a page (of typically 512+16 to 4096+128 data+metadata bytes), but can only erase a whole block of 32 to 128 pages. Each block contains both data and "out-of-band" (OOB) data. When removing a file, an OS typically only deletes its name from a table, rather than deleting its content. The situation is aggravated on flash memory because data updates do not occur in place, i.e. data are copied to a new block to preserve performance, reduce the erasure block count and slow down the wear. Old copies of the data therefore stay on the flash after a delete or update, and this is the weakness highlighted here by both these researchers.
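
The behaviour described above can be seen in a small simulation, added here as an illustration and not taken from the paper: a toy flash model in which updates go to a fresh page, delete only edits the table, and only a block erase removes content. The class, file name and secret string are all constructed for this example.

```python
# Toy model of flash storage (constructed for illustration; not a real FTL).
PAGES_PER_BLOCK = 4  # real devices erase blocks of 32 to 128 pages

class ToyFlash:
    def __init__(self, blocks=4):
        self.pages = [None] * (blocks * PAGES_PER_BLOCK)  # raw physical pages
        self.table = {}      # file name -> physical page (what the OS edits)
        self.next_free = 0   # writes always go to the next unused page

    def write(self, name, data):
        # Updates are not in place: the new version lands on a fresh page
        # and the previous page keeps its old content.
        if self.next_free >= len(self.pages):
            raise RuntimeError("no free pages (garbage collection not modelled)")
        self.pages[self.next_free] = data
        self.table[name] = self.next_free
        self.next_free += 1

    def delete(self, name):
        # Logical delete: only the name is removed from the table.
        del self.table[name]

    def logical_view(self):
        # What the file system shows to the user.
        return {n: self.pages[i] for n, i in self.table.items()}

    def raw_scan(self, needle):
        # What a raw read of every physical page still contains.
        return [i for i, p in enumerate(self.pages) if p and needle in p]

    def erase_block(self, block):
        # The only operation that actually clears content, a block at a time.
        start = block * PAGES_PER_BLOCK
        end = start + PAGES_PER_BLOCK
        if any(start <= i < end for i in self.table.values()):
            raise RuntimeError("block still holds live data")
        self.pages[start:end] = [None] * PAGES_PER_BLOCK

def demo():
    flash = ToyFlash()
    flash.write("token.db", b"auth-token=CONSTRUCTED-SECRET")  # constructed value
    flash.write("token.db", b"auth-token=rotated")  # update goes to page 1
    flash.delete("token.db")                        # file-level "wipe"
    visible = flash.logical_view()
    before = flash.raw_scan(b"CONSTRUCTED-SECRET")  # stale copy on page 0
    flash.erase_block(0)
    after = flash.raw_scan(b"CONSTRUCTED-SECRET")
    return visible, before, after

if __name__ == "__main__":
    print(demo())
```

After the delete the file system shows nothing, yet the raw scan still finds the first version of the file until the whole block is erased, which is why sanitisation has to happen at the block level.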

Wednesday, July 10, 2013

Striking the balance : Privacy & Security

1.   Over the decade, security and privacy issues have been striking the key notes, often at high decibels, and the trend is only increasing in the webosphere. I was just thinking if there will be a day when there will be 100% privacy as well as 100% IT security... If privacy becomes 100% ensured, then how will anyone's data be monitored, or will it all be algorithm based, with a standing as well as active encryption method?

2.  At a health care event in San Jose, California some time in June 2013, President Obama had said "It's important to recognize that you can't have 100 per cent security and also then have 100 per cent privacy and zero inconvenience." (Source here)

3.  Is it actually possible in the lives of the present generation? I have my doubts! Our generation is likely to be a turning era of a new kind of civilization, i.e. the digital age. We are part of just the beginning of the IT revolution, but it will take another good while to realize a stable IT architecture.

4.  It's a mad race if we see it from the top... a mad race about leading from the front without realizing that to do so, the first need is to plan and move. Short-term gains and achievements in such a scenario of an unstable internet (I mean unable to handle security and privacy) are not worth a pie. From India we have CMS, i.e. the Central Monitoring System, that claims to monitor each and every byte (I wonder how it would be done without any known info of set data centers in India...)... then we have PRISM... and actually each country would claim to have a sole application project on similar lines!

5.   Confidentiality, Integrity and Availability are the three key cornerstones of a security framework... how will these fit in maintaining the privacy issues? The road map is long and lots needs to be done...