How unsecure is it to stay unencrypted?

blackhawk_LA

Senior Member
Dec 27, 2010
1,547
651
HTC One (m7)
Sony Xperia XZ1 Compact
Hello! Yesterday my S22 Ultra was stolen. Everyone knows how it feels when you lose something that is not only worth nearly 1000$, but also has tons of private information and personal data.
I had a custom ROM installed, and thanks to Samsung firmware, that means having to leave your data unencrypted. I know that most thieves only want the phone for selling it, but of course I'm a bit worried about my data.
My question is: how much more unsecure is it really to stay unencrypted? I've read about Samsung Knox security being hacked in minutes, so I wonder if in the end there's really a difference (if the thieves want to access your data, they will do?)
I've just bought an S23U and for the first time, I have doubts about rooting.
I appreciate your answers and opinions.
 

jons99

Senior Member
Nov 5, 2019
347
382
The difference between encrypted and unencrypted data is that when your data is encrypted, if someone tries to look at it he'll only see weird letters and numbers, and the only way to decrypt it is with your lockscreen password. But if your data isn't encrypted then anyone has access to it, no need for a password or anything. That means credit cards, photos, contacts, everything is right there for the taking. You can use the find my phone app to delete your data, but I think you need to set it up as an admin app before it can do it. I guess what I'm trying to say is: stay encrypted if you can.
 
  • Like
Reactions: blackhawk_LA

WoKoschekk

Senior Member
Feb 25, 2019
1,575
1
488
Cologne
Moto G6
Moto G6 Plus
encrypted data => no chance to get any data stored on the user partition. nothing left to say about it.

not encrypted => all data is accessible!! you are able to restore all apps and you are able to open and to use them. to be honest, that's the worst scenario that could happen to you! you could get into serious trouble.
 
  • Like
Reactions: blackhawk_LA

blackhawk_LA

Thanks people for your answers. I know that there IS a difference, of course. But (correct me if I'm wrong) there's always the chance for hackers to access encrypted data on the phone.
Even taking this into consideration, I also assume that it's better to have "three padlocks" than one if you want to protect something.

My question is maybe more about % of risk.

I think that if a thief is stealing phones just to send them, they won't care if it's encrypted or not; they will do a factory reset or send the phone by pieces or whatever. Even if the phone isn't encrypted, it's not that easy for a normal person to erase the lockscreen security, is it?

But if they are interested in accessing data (like credit cards, electronic IDs and so on) they will find a way no matter if the phone is encrypted or not. Or maybe it will be so much harder if the phone is encrypted (and maybe depending on model and security issues in firmware) that they most likely won't ever be able to.
That's what I'm asking, in other words: how easy or hard is it for a thief to access encrypted data?
 

WoKoschekk

> it's not that easy for a normal person to erase the lockscreen security, isn't it?
2-3 min. and I have access. with an unlocked bootloader I open TWRP website, get the build, download odin, flash TWRP, start it, hit the "backup" button and get an archive of your data. I wouldn't boot your phone to get around the "find my device" tools.
 
  • Like
Reactions: blackhawk_LA

WoKoschekk

> If a phone gets booted into Recovery mode then encryption doesn't take place, means a hacker can steal your data at any time if ADB got successfully enabled on phone.
Upon the initial boot of a modern Android phone your data gets encrypted and stays encrypted. Even in recovery. Why do you think TWRP has all the trouble with encryption?? In stock recovery you can only use minimal ADB. See source code: https://android.googlesource.com/platform/bootable/recovery/

That means you can only access adb sideload. No data is accessible in recovery since /data does not get mounted!
 

blackhawk_LA

> 2-3 min. and I have access. with an unlocked bootloader I open TWRP website, get the build, download odin, flash TWRP, start it, hit the "backup" button and get an archive of your data. I wouldn't boot your phone to get around the "find my device" tools.
Ok. that mostly answered everything. Thank you very much
 
  • Like
Reactions: WoKoschekk

V0latyle

Forum Moderator
Staff member
> Samsung's encryption is too powerful. Their mobile devices are the most secure ones you can get. ;-)
Eh...Not really.

Android Full Disk Encryption is integral to AOSP and while OEMs can modify what they use, such as the minimum key length (256 or 512 bit instead of 128) it's still "built in"

The strength of encryption depends on the algorithm as well as the encryption key. 128 bit AES means that 128 bit key has 2^128 possible values: 3.4028237e+38 possibilities.
 

WoKoschekk

> Eh...Not really.
>
> Android Full Disk Encryption is integral to AOSP and while OEMs can modify what they use, such as the minimum key length (256 or 512 bit instead of 128) it's still "built in"
>
> The strength of encryption depends on the algorithm as well as the encryption key. 128 bit AES means that 128 bit key has 2^128 possible values: 3.4028237e+38 possibilities.

Even if your device supports AOSP encryption and decryption, it usually requires custom blob support. The process of figuring this out may take time and may never be done. Some vendors such as Samsung use their own encryption techniques. Without heavy deconstruction/decompiling of custom library blobs, and successful ports by an active maintainer, this may never be done.
 

WoKoschekk

> Android Full Disk Encryption is integral to AOSP and while OEMs can modify what they use, such as the minimum key length (256 or 512 bit instead of 128) it's still "built in"
FDE is deprecated and not allowed anymore for newer builds. Even regular FBE is now optimized by the additional use of Inline Encryption.

Screenshot_20230604-191120.png
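
A quick way to see which of the situations discussed in this thread a device is in, written as an added example that is not part of any post: it reads `adb shell getprop` output and reports on `ro.crypto.state`, `ro.crypto.type` and `ro.boot.flash.locked`. The sample dumps are constructed, and `ro.boot.flash.locked` is not set by every vendor, so a missing value is reported as unknown.

```shell
#!/bin/sh
# Added example. On a device you own: adb shell getprop | assess_exposure

# Constructed getprop dumps (not taken from any real device).
SAMPLE_CUSTOM_ROM='[ro.crypto.state]: [unencrypted]
[ro.boot.flash.locked]: [0]'
SAMPLE_STOCK='[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.boot.flash.locked]: [1]'

# prop_value NAME: print the value of property NAME from a getprop dump on stdin.
prop_value() {
    sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# assess_exposure: read a getprop dump on stdin, print a one-line verdict.
assess_exposure() {
    dump=$(tr -d '\r')   # older adb versions emit CRLF line endings
    state=$(printf '%s\n' "$dump" | prop_value ro.crypto.state)
    ctype=$(printf '%s\n' "$dump" | prop_value ro.crypto.type)
    locked=$(printf '%s\n' "$dump" | prop_value ro.boot.flash.locked)

    case "$ctype" in
        file)  scheme="file-based encryption (FBE)" ;;
        block) scheme="full-disk encryption (FDE)" ;;
        *)     scheme="unknown scheme" ;;
    esac
    case "$locked" in
        1) boot="bootloader locked" ;;
        0) boot="bootloader unlocked" ;;
        *) boot="bootloader state unknown" ;;
    esac

    if [ "$state" = "encrypted" ]; then
        echo "ENCRYPTED: /data uses $scheme, $boot"
    elif [ "$state" = "unencrypted" ]; then
        echo "UNENCRYPTED: /data is readable from a custom recovery, $boot"
    else
        echo "UNKNOWN: ro.crypto.state not reported, $boot"
    fi
}

# Run the check over both constructed dumps.
printf '%s\n' "$SAMPLE_CUSTOM_ROM" | assess_exposure
printf '%s\n' "$SAMPLE_STOCK" | assess_exposure
```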
 

Top Liked Posts

  • 2
    I suggest everyone who tinkers with their phones to keep two of them: one which would have sensitive information (like banking apps) should be completely stock (bootloader locked) and the other one can be used for modding. Personally I don't use banking apps on my Android phones (because they require access to SMS and other unnecessary permissions).

    Pretty much all accounts provide an option to view all devices where you have logged in (under the account security section) and you'd be able to sign-out of devices you no longer use or lost. For Google accounts, you'll find it here.

    And you can remotely erase your device using the Find my Device app from Google.
    Having two phones is too much trouble for me. I've decided that having stock rooted ROM with encrypted data is the best compromise for me. Theoretically no one could access my data, despite it being easy to erase the phone and sell it if it's robbed (that's what I understand)
    I'm learning a lot with this discussion.