Social Icons

Sunday, May 24, 2015

Android Factory Reset : How trustworthy from a PRIVACY view?

1.  It is an accepted fact that one can remove all data from Android devices by resetting it to factory settings, or doing a "force reset." One can do so by either using the Settings menu to erase all your data or by using the Recovery menu.It is also understood that by performing a factory data reset, all data — like apps data, photos, and music etc will be wiped from the device.This reset in most of the cases will be required as a maintenance issue or when the user decides to sell his mobile to some other third guy.Now when he does a factory reset for ensuring himself that all his/her data is removed from the mobile,there is a sad angle recently revealed in a paper named "Security Analysis of Android Factory Resets" by Laurent Simon and Ross Anderson@University of Cambridge available at http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf  that proves with technical demonstrations to negate the fact that the data and all privacy of accounts goes with the reset.Read on further for brief details...

2.  Even with full-disk encryption in play, researchers found that performing a factory reset on Android smart-phones isn’t always what it’s assumed safe up to be.Researchers found the file storing decryption keys on devices was not erased during the factory reset and they were successfully able to access data “wiped” Android devices from a wide variety of sources, including text messages, images, video, and even third-party applications. What’s more, researchers were able to “recover Google authentication tokens”, thereby enabling them to sync up any data a user had tied to Google’s services, including private emails.The study unveils five critical failures:

- the lack of Android support for proper deletion of the data partition in v2.3.x devices;

- the incompleteness of upgrades pushed to flawed devices by vendors;

- the lack of driver support for proper deletion shipped  by  vendors  in  newer  devices  (e.g.  on  v4.[1,2,3]);

- the  lack  of  Android  support  for  proper  deletion  of  the internal  and  external  SD  card  in  all  OS  versions

- the fragility  of  full-disk  encryption  to  mitigate  those  problems up to Android v4.4 (KitKat)

RECOVERY DETAILS OF DATA BY RESEARCHERS

ATTRIBUTED REASON

3.   Smartphones  use  flash  for  their  non  volatile  memory storage  because  it  is  fast,  cheap  and  small.  Flash  memory is  usually  arranged  in  pages  and  blocks.  The  CPU  can read  or  write  a  page  (of  typically  512+16  to  4096+128 data+metadata  bytes),  but  can  only  erase  a  block  of  from 32   to   128   pages.   Each   block   contains   both   data,   and “out-of-band”  (OOB)  data.When  removing  a  file,  an  OS  typically  only  deletes  its name  from  a  table,  rather  than  deleting  its  content.  The situation is aggravated on flash memory because data update does not occur in place, i.e. data are copied to a new block to  preserve  performance,  reduce  the  erasure  block  count and  slow  down  the  wear.  This makes a vulnerable issue as realised here by both these researchers.

0 comments:

Post a Comment