
[Q] Broke the glass on my screen, now I have to give my phone to a technician...

OP mrproper123

13th February 2014, 02:22 PM   |  #1  
OP Junior Member
Thanks Meter: 0
 
3 posts
Join Date: Jan 2013
Don't worry, it's a security question alright.

I live in Eastern Europe, which is on the far side of the Samsung support network, and I have a Samsung Galaxy S3 phone (GT-9300, I guess). My repair options look a little bit bleak. I must either ship it back to France, where it was bought, or I must seek the help of non-licensed technicians. Thank God, there are quite a lot around here and for problems like this they do wonders.
I am worried, though, that the technicians may try to meddle with the software of my phone and do something nasty with it while the phone is in their possession. I use the phone quite a lot to access various servers through ssh, and the servers contain semi-sensitive information about customers, phones, the equivalents of social security numbers in my country, etc. Of course I will delete my present information, but how about the future? If someone has hacked versions of the firmware, it will be a child's game to get the passwords for my servers.
So I need to secure the software of my phone somehow and I'm not sure of my options, so I'm asking for advice on which is better. I have experience with Linux, but with Android I'm quite a noob. I had my Amazon FireHD Tablet rooted and installed with CyanogenMod, so I know a little bit about ROM images. The phone itself is unrooted with original software and is not locked to a carrier.
Should I:

1. Try to back up my entire ROM image?

There are various questions here. It looks like I cannot download a standalone original ROM image directly from Samsung, so I must back up mine. But in the bootloader (which opens with volume up/down + home + power) it seems that there are no options for backing up the ROM image, only for restoring through ADB or SD card. Should I try to root, install an alternative bootloader and then back up everything?
There is one very important sub-question here: Will the phone signal me somehow if someone replaces the original bootloader with, say, a non-signed one? What if someone changes the bootloader as well as the system image?

2. Should I try to encrypt my phone?

I cannot easily get information about what exactly is encrypted. Pretty sure that the bootloader itself cannot be encrypted anyway. How about the system image? Is it encrypted?


I'll be thankful for any help with these two ideas, as well as any others.
13th February 2014, 05:00 PM   |  #2  
Junior Member
Thanks Meter: 3
 
12 posts
Join Date: Jan 2012
If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiosity, what version of Android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD card. Confirm the nandroid backup has been saved to the SD card, then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies who are known for having catalogs of common electronic items that have been compromised in various ways.

I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3s. Unfortunately Samsung is known for running their own encryption schemes which are different and most often weaker than the stock. Custom ROMs will generally have an implementation based on AOSP sources. A 4-digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.

Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.

You are correct in that the bootloader cannot be encrypted.
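
The reply above notes that encryption would not stop someone from adding a hidden application to /system. As an added example (not part of the original post), the script below compares two saved outputs of `adb shell pm list packages -f`, one captured before the repair and one after the phone returns, and reports system packages that were added, removed or moved. The package names and paths in the sample listings are constructed for illustration.

```python
# Added example: diff two saved `adb shell pm list packages -f` listings.
# BEFORE/AFTER are constructed sample data, not output from a real device.

BEFORE = """\
package:/system/app/Browser.apk=com.android.browser
package:/system/app/Settings.apk=com.android.settings
package:/system/app/SecPhone.apk=com.android.phone
package:/data/app/org.connectbot-1.apk=org.connectbot
"""

AFTER = """\
package:/system/app/Browser.apk=com.android.browser
package:/system/app/Settings.apk=com.android.settings
package:/system/app/SecPhone.apk=com.android.phone
package:/system/app/SystemHelper.apk=com.example.helper
"""


def parse_listing(text):
    """Map package name -> APK path for each 'package:<path>=<name>' line."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and unrelated adb output
        # The path may contain '=', the package name cannot: split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep:
            packages[name] = path
    return packages


def system_changes(before_text, after_text, prefix="/system/"):
    """Return packages added to, removed from, or moved within /system."""
    before = {n: p for n, p in parse_listing(before_text).items() if p.startswith(prefix)}
    after = {n: p for n, p in parse_listing(after_text).items() if p.startswith(prefix)}
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "moved": sorted(n for n in before.keys() & after.keys() if before[n] != after[n]),
    }


if __name__ == "__main__":
    for kind, names in system_changes(BEFORE, AFTER).items():
        print(kind, names)
```

The "after" listing is produced by the returned system itself, so a clean diff does not prove /system is untouched; it only surfaces added or relocated packages that make no effort to hide.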
13th February 2014, 08:18 PM   |  #3  
OP Junior Member
Thanks Meter: 0
 
3 posts
Join Date: Jan 2013
Quote:
Originally Posted by fadedout

If you are paying to have the repair done by an entity other than Samsung then you have a great option available. Just out of curiosity, what version of Android are you running? If I were in your shoes, I would root the phone and install a custom recovery (either TWRP or Philz). This will allow you to take a complete nandroid backup of the phone to the external SD card. Confirm the nandroid backup has been saved to the SD card, then remove the card from the phone and store it somewhere safe. Then perform a factory reset to completely wipe the phone and have your phone sent out to be fixed. When you get your phone back, insert the SD card and restore from the backup. It will be just as you left it and the possibility that anyone has been able to access or tamper with your phone is almost nil... Apart from possibly large national security agencies who are known for having catalogs of common electronic items that have been compromised in various ways.

I can't speak for your exact phone, but I am quite familiar with encryption as well as the US-model Galaxy S3s. Unfortunately Samsung is known for running their own encryption schemes which are different and most often weaker than the stock. Custom ROMs will generally have an implementation based on AOSP sources. A 4-digit PIN or common passphrase can be easily broken with either, but a sturdy encryption passphrase will almost certainly provide sufficient protection.

Without knowing the specifics of your phone and whatever TouchWiz it's running, I can say this much. If you enable encryption on your phone, it will encrypt /data (application data) at a very minimum. This will almost definitely not include /system. It will probably not include the external SD card or any of the actual applications (the .apk files). The encryption would keep your data secure at rest, but it wouldn't prevent a motivated attacker from installing a hidden malicious application in the system.

You are correct in that the bootloader cannot be encrypted.


Thank You for the informative answer!
18th February 2014, 10:26 AM   |  #4  
Junior Member
Thanks Meter: 1
 
7 posts
Join Date: Feb 2014
I had to do this once and what I did was:
- Root phone (which I always wanted to do)
- Perform a full backup to SD card
- Remove SD card and perform a factory reset of the phone

Then off to repairs.

Once back, I did a factory reset again (just in case) and then restored the lot.

Seems a lot to do, but I have some sensitive data on it and didn't want to risk it too much. Besides, during the restore I took the opportunity to upgrade to 4.3 (at the time).
24th February 2014, 01:57 PM   |  #5  
Member
Thanks Meter: 0
 
46 posts
Join Date: Jan 2014
glass
Why don't you buy a Chinese glass and change it yourself? It's so easy and cheap, around 10 euros or so. I did the same for my old phone.