LineageOS, FBE, unlocked bootloader and security

[Reacan]

Hello everyone! It's been six years since my last post and it is truly fantastic that this community is still going strong

A while back I installed LineageOS on a Motorola device. I am very impressed and very grateful to all the developers and the free software community for this amazing piece of software. I like to secure my devices as much as possible and I am wondering about the implications that an unlocked bootloader might present.

Some time ago I came across a post somewhere on the internet (unfortunately cannot find that link anymore) where someone claimed that if the bootloader of an Android device is unlocked, one could boot a TWRP recovery image, delete the encryption keyfiles and as a result the encryption keys would be reset to the default values and this would allow to bypass any screenlocks.

Unfortunately I don't have spare device to conduct tests, therefore I am hoping that someone could shed some light on this. Is it really possible to bypass FBE so easily with an unlocked bootloader?

 

[heybaybee]

From this answer on a different forum:

The main issue with LineageOS is that you will have an unlocked bootloader. That allows an attacker to load a custom recovery and brute force your encryption completely bypassing LineageOS all together.

An alternative would be conducting an Evil maid attack since Lineage is by default built in userdebug and allows flashing any (unsigned) packages from the ADB. Nothing is stopping anyone from flashing a keylogger or some kind of a remote access on your device using this method.

The questions remain how likely are such attacks and how likely will a potential thief invest his time and resources in getting access to your data. These are questions everyone has to answer depending on his own individual situation and risk factors.

Feel free to correct me

 

[Reacan]

Thanks for the reply. You made some good points, I also think that if a device has been in the wrong hands even for a short period of time, it is compromised, even if the bootloader is locked down and USB debugging is disabled. Unlocked bootloader is a great gateway for bruteforce or dictionary attacks but a strong password can mitigate the risk and prevent even state actors from accessing the information, at least for couple of years

However the question still remains - Can LineageOS's FBE be bypassed if the encryption keyfiles are simply deleted?

 

[lgorbov]

However the question still remains - Can LineageOS's FBE be bypassed if the encryption keyfiles are simply deleted?

No. Unless LineageOS's (or Android's) crypto is horribly broken, this shouldn't be possible. So far, the only way to bypass the drisk encryption is to brute force the passphrase. You are probably referring to erasing user data by removing encryption headers -- TWRP can do this, but then all your data is lost.

However, encryption only protects user data, not system. Hence, the latter can be backdoored without you knowing.

 

[heybaybee]

However the question still remains - Can LineageOS's FBE be bypassed if the encryption keyfiles are simply deleted?

Afaik FBE works by generating a random key and encrypting the target parition(s) on the first boot. Then it uses your passphrase to encrypt that key.

From my understanding, deleting the key (stored in an encrypted form) would make the data encrypted with that key essentially unrecoverable. Unless someone had the resources to bruteforce the key. As of today that would require state level amount of resources.

Another theoretical possibility would be performing a Cold boot attack to get the encryption keys from RAM.

Feel free to correct me

 

[SomeRandomGuy]

Also remember if you are using a phone with a Qualcomm chipset, and you are really up against a state level actor, you also have to deal with EDL mode: you can dump the entire phone with it (no need to compromise or exploit the image on the phone itself), take it back to your seekret lair, and spend your gazillions on brute force hardware.

Bottom line, even if every senior hacker on this board told you "no, not that easy", they still could be wrong somehow. Zero days wouldn't be a thing if it worked that way. If you've got something truly worth protecting, put it in a [software] vault with solid, audited encryption.

If it isn't /that/ important, some phones will let you do the entire trusted boot thing if you want to compile LOS (or any AOSP based distro) from source, and futz around with the build scripts.

That said, remember there are social engineering attacks. If I were a l33t CIA agent, I'd probably wait till you were somewhere where I could watch you carefully (or had a 8 billion megapixel camera watching you carefully), send you a text message (marketing spam would work nicely), and then watch you type your password on the screen to read it... boom, pwn3d.

Many vectors of attack here.

If someone *GOT* your phone (to launch TWRP et al), you'd know about it, right? Consider a remote wipe package? Or try to keep them from getting it in the first place with physical security (vault, firearms, martial arts, etc)?