Or Continue to Thread: [Q] Still No Encryption for An…
Find Your Device:
11th December 2012, 05:55 AM   |  #10  
r0zj0k3r's Avatar
Senior Member
Flag The middle of the ocean
Thanks Meter: 28
 
157 posts
Join Date:Joined: Jul 2012
More
Please elaborate
Quote:

Not very strong or effective.

Easily defeated with cellex, celbrite, JTAG etc as is iOS etc.

Unfortunately BBerry is the only handset to offer amazing encryption and wipe to disc encryption. Which why Im amazed nobody else does, or that DARPA has to appeal to the community at large in order to solve this....

Most products address end to end encryption of calls, txt, email etc and location options.

Remote wipe is NOT a true solution if you are carrying important data for business if industrial espionage is a consideration let alone 4th Amendment rights.

Not sure where your info is coming from.

As of Android 2.3.4 device encryption has been available. Granted most manufactures didn't implement the ability very quickly. I have two GB devices niether give me an option to encrypt my device on the stock ROMs, but some did. I am running 4.1.2, and encryption is as full as it gets. If I boot into CWM recovery I can adb into a minimal root shell, but the revocery partition doesn't "see" any of the actual data. I think this suffices. As far as circumventing this encryption, I don't think a JTAG or cellebrite will help you with this. As of Android 3.0 (tablet only I know...) the encryption standard is 128 bit AES, I wish they would have used 256 bit...but whatever. No doubt Android is late in the game, I just don't think they thought it necissary until the smartphone evolved to something more powerful.

Android Encryption: http://source.android.com/tech/encry...mentation.html

Cellebrite: Their schtick, as far as Android and BB devices are concerned, is recovering data from a locked device, ie you forgot the password and the backup etc etc. They go out of their way to not mention the word DECRYPTION when talking about Android or BB. I say this because in thier iOS section, they repeatedly mention their ability to DECRYPT the device data on the fly. So again it would appear to me that, for Android, they use some custom revocery ROMs and adb to revocer UNENCRYPTED data (with their special hardware).

in fact this is from Cellebrite themselves:
Quote:

for ALL Android OS versions including Android 4.X (Ice Cream Sandwich). Physical extraction for any locked device is only available if the USB debugging has been switched on

Cellebrite on Android: http://www.cellebrite.com/forensic-s...forensics.html

Encryption is encryption, if it uses AES, as far as I know you have to be able to crack AES to get at the data once it's encrypted.
You need the password, or brute force, OR find a weakness in the algorithm.

If you're that worried, find another way to transport/store your private data. Companies with this much at stake are stupid to entrust sensitive data to any of these devices in any of their current states. For you and me, I don't think yo uneed to worry about your stuff that much. This is like the old adage that locks keep honest people honest. Most people find a phone, maybe try a few cheap easy tricks and wipe if they fail. Although AES is considered safe against brute force, if you need more, use truecrypt with hidden partitions or something like this and a real computer. Even then....
Last edited by r0zj0k3r; 11th December 2012 at 08:47 AM. Reason: source