[INFO] Understanding the risks of having an unlocked bootloader

21st September 2012, 09:57 PM | #1
Petrovski80 (OP, Senior Member, Almelo, joined Mar 2011)
While unlocking the bootloader on a Galaxy Nexus unleashes the full potential of the bootloader, it also poses a security risk. Even with your lockscreen protected by a pattern/PIN/password, no custom recovery flashed, and an anti-theft app installed (maybe even converted/installed as a system app), your phone's data is easily accessible to a knowledgeable thief.

All the thief needs to do is reboot into the bootloader and boot or flash a custom recovery such as ClockWorkMod or TWRP. It's then possible to boot into recovery and use ADB commands to gain access to the phone's data on the internal memory (unless you have it encrypted) and copy/remove files at will.

Granted, the risk seems low. Not only would the thief require knowledge of fastboot, he would also have to turn off the phone before you have issued a wipe command using an anti-theft app. You could of course flash back the stock recovery & relock the bootloader after being done with flashing stuff, but that would require you to unlock it again if needed, which will erase your userdata.

There are two ways to tackle this security risk AND retain unlocked bootloader functionality without losing userdata.

1) Encrypt your phone using Android's built-in encryption feature

Advantages:
- you can leave your bootloader unlocked & leave a custom recovery installed without risk of exposing your data.

Disadvantages:
- unless the custom recovery can decrypt your phone, you cannot use all of its features.
- when decryption fails, you cannot access your phone and need to do a factory reset from recovery. Users have reported not being able to decrypt after applying OTA updates.
- the encryption process is irreversible. The only way to return to an unencrypted phone is to perform a factory data reset which erases all your data.


2) Unlock & relock the bootloader from Android OS

Prerequisites:
- root access
- an app that can unlock/relock the bootloader at will such as BootUnlocker

Steps:
Root your device using one of the many guides out there (recommended guide). Install BootUnlocker. Reflash stock recovery and lock the bootloader. Whenever you need an unlocked bootloader again, simply use BootUnlocker to unlock it (this won't wipe userdata). When done, relock.

Advantages:
- doesn't require encryption (for those who do not wish to use it).

Disadvantages:
- relies on third-party apps.
- method will not work if you lose root access for whatever reason.
- method will not work when you cannot boot into Android for whatever reason.


USB debugging
Not strictly related to the bootloader, but for maximum security disable USB debugging when not required. Having it enabled allows the execution of ADB commands even if the lockscreen is still locked. I myself use Tasker in combination with Secure Settings to automatically enable USB debugging when my device is connected to my home WiFi access point and disable it when it is not connected.

The following video demonstrates what a knowledgeable thief can do with your phone when you have USB debugging enabled by default: http://www.youtube.com/watch?v=ah7DWawLax8&t=7m0s

More info: recently, an exploit has been discovered that will enable gaining root without going through the 'traditional' process of unlocking the bootloader & flashing a custom recovery in order to flash Superuser or SuperSU packages. See this post for a guide.

Play store devices
Devices bought directly from Google's Play Store apparently do NOT wipe userdata after fastboot oem unlock. So for these devices, method number 2 does not add any security. For more info, read this thread: http://forum.xda-developers.com/show....php?t=1650830
Last edited by Petrovski80; 2nd October 2012 at 10:05 PM.
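One way to turn the three mitigations in this post (encryption, a locked bootloader, USB debugging off) into a quick defensive check, as an added example that is not Petrovski80's or any project's code: a POSIX shell script that reads `adb shell getprop` output and reports which of the three is missing. The property names used, and the assumption that `ro.boot.flash.locked` is only exported by newer bootloaders (a Galaxy Nexus shows its lock state on the bootloader screen instead), are mine, not from the thread.

```shell
# Added example, not code from the thread: rate a device's exposure to the
# "boot a custom recovery, pull userdata over adb" scenario from the output
# of `adb shell getprop`. Property names and meanings are assumptions:
#   ro.crypto.state         encrypted / unencrypted (built-in encryption)
#   persist.sys.usb.config  contains "adb" while USB debugging is enabled
#   ro.boot.flash.locked    1 = locked, 0 = unlocked; only newer bootloaders
#                           export it, a Galaxy Nexus shows LOCK STATE on its
#                           bootloader screen instead

# prop PROPS NAME -> value of NAME from "[name]: [value]" lines in PROPS
prop() {
    # strip CRs: older adb shells emit CRLF line endings
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^\['"$2"']: \[\(.*\)]$/\1/p'
}

# audit PROPS -> one finding per line, each mapped to a mitigation in the thread
audit() {
    case "$(prop "$1" ro.crypto.state)" in
        encrypted) ;;
        *) echo "userdata unencrypted: readable from a custom recovery over adb" ;;
    esac
    case "$(prop "$1" persist.sys.usb.config)" in
        *adb*) echo "USB debugging on: adb accepts commands behind the lockscreen" ;;
    esac
    case "$(prop "$1" ro.boot.flash.locked)" in
        1) ;;
        0) echo "bootloader unlocked: fastboot can boot/flash a custom recovery" ;;
        *) echo "lock state not exported: check LOCK STATE on the bootloader screen" ;;
    esac
}

# finding_count PROPS -> number of findings (0 = all three mitigations in place)
finding_count() {
    audit "$1" | wc -l | tr -d ' '
}

# Constructed samples in getprop format, not captured from a real device.
EXPOSED='[ro.crypto.state]: [unencrypted]
[persist.sys.usb.config]: [mtp,adb]
[ro.boot.flash.locked]: [0]'
HARDENED='[ro.crypto.state]: [encrypted]
[persist.sys.usb.config]: [mtp]
[ro.boot.flash.locked]: [1]'

# Against a live device: audit "$(adb shell getprop)"
for dev in "$EXPOSED" "$HARDENED"; do
    echo "findings: $(finding_count "$dev")"
    audit "$dev"
done
```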
21st September 2012, 11:18 PM | #2
efrant (Senior Moderator, Montreal, joined Feb 2009)
Very well written!!

One thing you may want to tie in to your explanation is the effect of having USB Debugging enabled - it's easy to gain root (and subsequently unlock your bootloader) with it enabled, even with a locked bootloader.

Sent from my Galaxy Nexus using Tapatalk 2
Last edited by efrant; 22nd September 2012 at 04:48 PM.
22nd September 2012, 02:29 PM | #3
Petrovski80 (OP, Senior Member, Almelo, joined Mar 2011)
Added some information regarding USB debugging. Thanks for the tip efrant.
22nd September 2012, 03:19 PM | #4
Mach3.2 (Senior Member, Singapore, joined May 2012)
Good read
22nd September 2012, 11:30 PM | #5
Oscuras (Member, joined Sep 2011)
Do you have to be on stock rom to lock the bootloader ?
22nd September 2012, 11:43 PM | #6
efrant (Senior Moderator, Montreal, joined Feb 2009)
Quote:
Originally Posted by Oscuras

Do you have to be on stock rom to lock the bootloader ?

Nope.

Sent from my Galaxy Nexus using Tapatalk 2
27th September 2012, 02:46 PM | #7
Guiding.God (Senior Member, joined Apr 2012)
Thanks for this

Trying to wrap my head around this with regards to anti theft protection etc.

Currently have an unlocked bootloader, custom rom, and root. If I have something like Cerberus or Avast running (both claim to work as system apps so will not be deleted via hard reset), have debugging unchecked and a pin lock at screen on - if I lock bootloader now, how secure am I to data theft?

Presumably, with debug disabled, fastboot from pc command prompt to unlock bootloader will not work? Can ODIN be used to flash a new ROM and if so my system apps (and thus the security apps) will be wiped, rendering the whole thing useless?

Thanks
Last edited by Guiding.God; 27th September 2012 at 02:53 PM.
27th September 2012, 04:27 PM | #8
Petrovski80 (OP, Senior Member, Almelo, joined Mar 2011)
Quote:
Originally Posted by Guiding.God

Thanks for this

Trying to wrap my head around this with regards to anti theft protection etc.

Currently have an unlocked bootloader, custom rom, and root. If I have something like Cerberus or Avast running (both claim to work as system apps so will not be deleted via hard reset), have debugging unchecked and a pin lock at screen on - if I lock bootloader now, how secure am I to data theft?

Presumably, with debug disabled, fastboot from pc command prompt to unlock bootloader will not work? Can ODIN be used to flash a new ROM and if so my system apps (and thus the security apps) will be wiped, rendering the whole thing useless?

Thanks

If you have the stock recovery (a custom one will allow adb), your personal data is as secure as it can be. Of course, you cannot stop anybody from booting into your bootloader and running fastboot oem unlock OR using Odin to flash your device. However, doing so will effectively wipe your device, so your personal data cannot be accessed.

27th September 2012, 05:07 PM | #9
qtwrk (Senior Member, Barcelona, joined Sep 2011)
I would worry more about my phone than data because I have nothing important on it...

Sent from my Galaxy Nexus using xda premium
27th September 2012, 05:33 PM | #10
Guiding.God (Senior Member, joined Apr 2012)
Quote:
Originally Posted by Petrovski80

If you have the stock recovery (a custom one will allow adb), your personal data is as secure as it can be. Of course, you cannot stop anybody from booting into your bootloader and running fastboot oem unlock OR using Odin to flash your device. However, doing so will effectively wipe your device, so your personal data cannot be accessed.

Quote:
Originally Posted by qtwrk

I would worry more about my phone than data because I have nothing important on it...

Sent from my Galaxy Nexus using xda premium

Thanks for the clarification.

And I worry more about the work related data, the phone itself is insured
