Thursday, May 21, 2015

Security & Hacking: Android Factory Reset Failures

A somber research paper, "Security Analysis of Android Factory Resets" by Laurent Simon & Ross Anderson, describes multiple security issues for many makes, models, and versions of Android phones.

These issues affect many Android phones. Unfortunately, there is no single simple solution, though the authors suggest multiple mitigations.

Three security issues that caught my attention:

"In general, we found that devices in our sample logically sanitised all bytes requested through the ioctl command, except for one phone: the Google Nexus 4. This has an 6189744128B data partition, fully used by the file system. The last 16KB were not sanitised and fully recoverable about 20% of the time after a Factory Reset."

"We found emails in 80% of our sample devices, but generally only a few per device"

"We recovered Google tokens in all devices with flawed Factory Reset, and the master token 80% of the time."

The last one, the Google tokens, would allow an attacker to synchronize email or other accounts, enabling access to the current account! The exposure is not limited to old (historical) data recovered from the Android device in the attacker's possession.

I strongly recommend reading Security Analysis of Android Factory Resets.