the risks of running an unlocked bootloader


wkwkwk

Senior Member
Jun 28, 2008
359
76
Hi,

Running an unlocked bootloader is quite risky assuming someone has physical access to your phone.

It's extremely easy simply to put it into fastboot mode, flash a recovery (cwm/twrp) and then adb will provide root access to all data.

This is mitigated by encrypting the device, however, I haven't been successful in doing this (http://xdaforums.com/showthread.php?p=48848592) on this particular phone although it works without any issues on nexus phones.

For the people with unlocked bootloaders, do you simply not care about someone getting physical access or is there anything that can be done?

Also, did someone manage to successfully encrypt the phone (using the standard settings -> security -> encrypt phone) or is everyone running unencrypted?

Having a remote wipe capability is next to useless assuming the thief will power off the phone immediately (before you have a chance to issue the remote wipe).
An unlocked bootloader is mandatory for running CyanogenMod so that's that.

Thank you.
 

shoey63

Recognized Contributor
A thief (if he had the knowledge or the inclination) could steal a locked bootloader phone (without encryption) and simply flash an ftf and untick "wipe data". He would then have full access to the data on the phone by rooting and flashing a recovery for LB. So locked bootloader is cold comfort really :(

Sent from my C6603 using xda app-developers app
 

elias234

Senior Member
Dec 3, 2011
417
71
I think the best to happen is to have passwords: when entering fastboot or flashtool, a password should pop up to access the fastboot or flash tool connection, and when entering recovery, a password should also pop up. It is so much more secure to get these, but I think it is so hard to make it work or even impossible.
 

wkwkwk

Senior Member
Jun 28, 2008
359
76
You're right, a locked bootloader is indeed a false security.

At the end, encryption is needed but on this phone, it doesn't seem to work and no one tried using it apart from me...
 

SmallsXD

Senior Member
Nov 28, 2012
102
21
I have my BL locked and I ensure that USB debugging is off. Seeing as most rooting solutions require USB debugging, I should be good for the average criminal. So the only way to have access to my data... (obviously SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable but that should delete all my accounts off the device.

(At least this is what I tell myself to sleep better at night lol)
 

wkwkwk

Senior Member
Jun 28, 2008
359
76
SmallsXD said:
> I have my BL locked and I ensure that USB debugging is off. Seeing as most rooting solutions require USB debugging, I should be good for the average criminal. So the only way to have access to my data... (obviously SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable but that should delete all my accounts off the device.
>
> (At least this is what I tell myself to sleep better at night lol)

Getting all your data is as trivial as flashing a custom recovery for locked bootloaders which will provide direct root access.

It probably takes less than a few minutes.

Like they say, there's nothing more dangerous than the sense of false security.
 

SmallsXD

Senior Member
Nov 28, 2012
102
21
It's not just having a locked bootloader but also having USB Debugging off and 3rd Party App installs off, as that alone would dramatically reduce the number of compatible tools to achieve root access to your device. As far as I know you have to be rooted in most cases to install custom recoveries, or at least that is what most instructions say. Remember security is hardly ever a complete solution, it's about making it not worth the effort.

For the average person/criminal it is not worth their time to access my data as it is actually worthless to them. As I said the SD card is already taken as soon.
My antitheft software will be lingering with a Data Wipe command, I would have changed the account information stored, I never stored Billing information. So my risk level is very low and not worth any more effort on my end.

As stated, I'm speaking from a personal perspective and not a "best practice" one.

The real problem is we like to unlock everything and tick every security risk option and then complain when things get patched that make our device more secure, like all the root exploits.

BL unlocked - Any compilable kernel can now run
USB Debugging - Access from PCs to send commands to your device
Installs from unknown sources - Allows installations of root apps and other apps

All things we need set to do some great things with our devices, but how many of us actually look back at these settings once we enable them? It is the equivalent of taking off a door to get the fancy new furniture inside but never putting it back on when we are done.
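
As an added example (not part of any post in this thread), a small Python audit of the three settings listed in the post above plus the encryption state discussed earlier in the thread. It parses `adb shell getprop` output; the sample output and settings values are constructed, and `ro.boot.flash.locked` / `ro.boot.verifiedbootstate` are assumed to be exposed by the device, which older models may not do.

```python
import re

# Constructed `adb shell getprop` output from a hypothetical device (not from the thread).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [4.4.4]
[ro.crypto.state]: [unencrypted]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
"""
# Constructed `adb shell settings get ...` results for the same device.
SAMPLE_SETTINGS = {"adb_enabled": "1", "install_non_market_apps": "1"}

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything malformed."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(props, settings):
    """Return finding ids for the exposures discussed in the thread."""
    findings = []
    unlocked = (props.get("ro.boot.flash.locked") == "0"
                or props.get("ro.boot.verifiedbootstate") == "orange")
    known = ("ro.boot.flash.locked" in props
             or "ro.boot.verifiedbootstate" in props)
    if unlocked:
        findings.append("bootloader-unlocked")
    elif not known:
        # Property absent: report it rather than assuming the device is locked.
        findings.append("bootloader-state-unknown")
    if props.get("ro.crypto.state") != "encrypted":
        findings.append("storage-unencrypted")
    if settings.get("adb_enabled") == "1":
        findings.append("usb-debugging-on")
    if settings.get("install_non_market_apps") == "1":
        findings.append("unknown-sources-on")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_getprop(SAMPLE_GETPROP), SAMPLE_SETTINGS):
        print(finding)
```

The settings values can be collected with `adb shell settings get global adb_enabled`; the namespace holding `install_non_market_apps` varies by Android version.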
 

anuragm13

Senior Member
Sep 2, 2018
72
13
elias234 said:
> I think the best to happen is to have passwords: when entering fastboot or flashtool, a password should pop up to access the fastboot or flash tool connection, and when entering recovery, a password should also pop up. It is so much more secure to get these, but I think it is so hard to make it work or even impossible.

Suppose I have encrypted my device, i.e., it asks for a password before booting up...
Q1 So, is it still possible to access the fastboot or recovery mode? Would entering the recovery or fastboot mode require the password?

Q2 If no, how can I prevent access to fastboot and recovery mode with an unlocked bootloader?