Security & Hacking: Android Factory Reset Failures

A somber research paper, "Security Analysis of Android Factory Resets" by Laurent Simon & Ross Anderson, describes multiple security issues for many makes, models, and versions of Android phones.

These issues impact many Android phones, unfortunately there is no single simple solution, though the authors suggest multiple mitigations.

Three security issues that caught my attention:

"In general, we found that devices in our sample logically sanitised all  bytes  requested  through  the ioctl command,  except  for one phone: the Google Nexus 4. This has an 6189744128Bdata partition, fully used by the file system. The last 16KB were  not  sanitised  and  fully  recoverable  about  20%  of  the time after a Factory Reset."

"We  found emails in 80% of our sample devices, but generally only a few per device"

"We recovered Google tokens in all devices with flawed Factory Reset, and the  master token 80% of the time."

The last one, with Google tokens would allow attacker to synchronize email or other accounts.  Enabling access to the current account!  Not limited to old (historical) data recovered on the Android device in attacker's possession.

I strongly recommend reading Security Analysis of Android Factory Resets.

• General audience article from Ars Technica http://arstechnica.com/security/2015/05/flawed-android-factory-reset-leaves-crypto-and-login-keys-ripe-for-picking/
• Research Paper (PDF) from Laurent Simon and Ross Anderson, University of Cambridge http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf

Security & Hacking: 2 Factor list

Useful page that maintains a list of websites, companies, etc that offer Two Factor Authentication (aka 2FA).

https://twofactorauth.org/

In addition to basic list, they also provide links to documentation for those that provide 2FA, they also offer Twitter links to ask companies to add Two Factor.

Additional Links:

• Wikipedia 2FA http://en.wikipedia.org/wiki/Two_factor_authentication 
• Wikipedia Multifactor Authentication http://en.wikipedia.org/wiki/Multi-factor_authentication

For more Blog posts click on Two Factor Authentication, Hacking, or Security labels.  Labels can be found at bottom left of every blog post, selected labels can be found in Label Cloud at left side of blog.

Android & iPhone Battery replacement

For Apple there are a couple of choices, send it to Apple (by mail or Brick & Mortar Apple Store location), or DIY [Do It Yourself].

WARNING:  For iPhones & Android phones (the ones that don't have readily swappable battery) replacing battery will generally void your warranty because you have opened up the device's case.

Note if you send it to Apple there is a $6.95 USD shipping fee in addition to the price for battery replacement.

Link for Apple battery replacement http://www.apple.com/batteries/service-and-recycling/.

DIY option, IMHO simplest DIY approach is to use iFixit, https://www.ifixit.com/Guide, in addition to the guides, the iFixit store https://www.ifixit.com/Store offers the parts & tools needed to repair devices.



Though it varies by model battery replacement for the iPhones seem to be a little easier than iPad, and the iPod Touch 5th Gen is one of the most difficult since it requires a "temperature controlled soldering iron".

For Android, AFAIK its generally going to be DIY unless your device is still under warrenty, iFixit also offers Guides for Android & Windows Phone https://www.ifixit.com/Device/Phone.

VOD of Nexus 7 (pretty easy) battery replacement



For more post like this one just click on a Label such as DIY, Apple, or Android.

Labels can be found at bottom left of every post, and selected labels can be found in Label Cloud at left side of Blog.

Minecraft Saving Worlds Mac/PC/Linux

Quick reference for saving, backing up, or transferring Minecraft saved games.

I'd like to find good, meaning clear audio & clear presentation, Youtube for PC, Mac, & Linux. 

Mac Lion 10.7 (show how to without using Terminal)
http://www.speedofcreativity.org/2011/12/15/transfer-saved-minecraft-worlds-to-another-computer-on-mac-os-x-10-7-lion/

Instructions for Linux, PC, & Mac (via Terminal)
http://www.howtogeek.com/60264/how-to-backup-restore-and-sync-your-minecraft-saves-on-all-your-pcs/



XX

For more posts just click Minecraft or other label such as Backup Computers Data.

Labels can be found at bottom left of every post, and selected labels can be found in Label cloud at left side of blog

Security & Hacking: "Getting Started in Information Security"

Useful list of resources for people interested in Computer/Cyber Security, Hacking, Pen Testing, etc.

https://www.reddit.com/r/netsec/wiki/start

Includes online course, books, etc

Comment/Suggestion thread for it is http://www.reddit.com/r/netsec/comments/1l9l70/getting_started_in_information_security/

Nerd News: "Google to launch wireless service this year?"

Rumors, via Ars http://arstechnica.com/gadgets/2015/01/report-google-to-launch-wireless-service-this-year/, that Google is going to be operating a pilot MVNO (http://en.wikipedia.org/wiki/Mobile_virtual_network_operator) combining Sprint & T Mobile networks.

Also Ting, a Sprint MVNO, is adding GSM to it's offerings https://ting.com/blog/ting-to-offer-service-on-a-gsm-network/.

[Wikipedia on GSM & CDMA http://en.wikipedia.org/wiki/Comparison_of_mobile_phone_standards]

Suspect there is some connection here, not necessarily that they are working together, perhaps T Mobile & Sprint are partnering at some level?

Ting has a very interesting pricing structure, you pay for what you use, see https://ting.com/rates for details.

I'm planning on giving Ting a try around March/April 2015, to see how good it is with GSM.

I'll post my thoughts on Ting's GSM here on my Blog.

Starcraft 2 Thoughts: ZvT Nydus Terran's 3rd

Game 2 of Solar vs Yoda in "The Fight Before Christmas"

For some time I have been telling Zerg they should use Nydus for a lot more than cheesy sneak attacks inside opponents base.

While effective when it works, it relies on failure of opponent to have proper vision of their base to be successful, which fits my working definition of Cheese.

In contrast, using a Nydus to block Terran's Third, like this case, should at least delay expansion timing.

Not that blocking the 3rd was a significant priority in this particular case, it was probably intended more to make it harder to spot & target the Nydus.

But with similar timing, you could drop a Nydus at Terran's likely 4th base, have a Queen hop through and drop a Creep tumor or 2 and spread a lot of creep.

For more Blog posts & VODs on Nydus, just click the Nydus label, additional Labels can be found at bottom left of every blog post, and in the Label Cloud on left side of Blog.