
I bought a Galaxy S20 FE, logged in to LastPass on it and to all of my accounts (Google, Twitter, etc).

Now it has a malfunction and I'm going to have to send it back to get my money back.

When I factory reset an Android, I presume that it zeroes the memory in the writable partition of Android. This would explain why it takes 30 minutes to do a wipe. Instead of simply marking the data as deleted, it actually deletes it.

Can I trust the factory reset, or should I change the LastPass password + all passwords inside?

Guerlando OCs
  • LastPass utilizes AES-256 encryption on the password database so it can't be decrypted without your password, plus the rest is written in @defalt's answer. – nethero Apr 16 '21 at 14:37
  • @KamilKurzynowski but I use fingerprint unlocking, which means it stores the password somewhere – Guerlando OCs Apr 16 '21 at 15:30

1 Answer

All Android 7+ devices are enrolled with File Based Encryption (FBE), which encrypts the /data partition from first boot. FBE keys are bound to the TEE and to the user's screen lock authentication. On factory reset, the TEE clears the stored keys and the OS wipes the data. At this point, even if your screen lock password is known, it's not possible to decrypt recovered data.

It would not take longer than a few seconds to wipe the data. Secure erase is not needed, as clearing the FBE keys is enough. Your device might be taking the time restoring the factory image.

> I use fingerprint unlocking, which means keys/password/secrets are stored somewhere.

Secrets that are bound to in-app biometric authentication are encrypted by a key that is generated & stored in the TEE. Apps can also import cryptographic keys into the TEE. Unless biometric authentication succeeds, which is verified by the TEE, the TEE doesn't release the keys of the querying app. This protection ensures that even if a malicious app compromises other apps, it won't be able to steal the secrets of those apps without user authentication.

Apps that store secrets outside of the TEE, not bound to user authentication, are still protected by FBE. On app uninstall, the keys associated with the app are deleted. On factory reset, the TEE clears all keys.

> reset - This permission allows resetting the Keystore to factory default, deleting all keys that are not vital to the functioning of the Android operating system.

Source: Hardware-backed Keystore

defalt
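The auth-bound, TEE-resident app key the answer describes can be checked from the app's own side through the Android Keystore API. This is an added example, not code from the answer, from LastPass or from Android's documentation; the alias "vault_key" is a constructed placeholder. It generates an AES key that the Keystore will not use until a strong biometric has been verified, then reads KeyInfo to confirm that the key lives in secure hardware and that the authentication requirement is enforced there rather than by the OS alone.

```java
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

public final class VaultKeyCheck {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "vault_key"; // constructed placeholder alias

    /** Generate a 256-bit AES-GCM key that exists only inside the Keystore (TEE or StrongBox)
     *  and is unusable until a strong biometric has been verified by that hardware. */
    public static SecretKey generateAuthBoundKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEYSTORE);
        KeyGenParameterSpec.Builder b = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256)
                .setUserAuthenticationRequired(true)        // key unusable without user auth
                .setInvalidatedByBiometricEnrollment(true); // enrolling a new fingerprint kills it
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
            // Per-use (timeout 0) strong biometric, rather than any screen-lock credential.
            b.setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG);
        }
        kg.init(b.build());
        return kg.generateKey(); // key material never leaves the Keystore; the app holds a handle
    }

    /** True only if the Keystore reports the key is inside secure hardware AND the
     *  user-authentication requirement is enforced by that hardware. */
    public static boolean isHardwareProtected() throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(ALIAS, null);
        if (key == null) return false; // not generated yet, or cleared (uninstall / factory reset)
        SecretKeyFactory f = SecretKeyFactory.getInstance(key.getAlgorithm(), KEYSTORE);
        KeyInfo info = (KeyInfo) f.getKeySpec(key, KeyInfo.class);
        boolean inHardware;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            int lvl = info.getSecurityLevel();
            inHardware = lvl == KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT
                    || lvl == KeyProperties.SECURITY_LEVEL_STRONGBOX;
        } else {
            inHardware = info.isInsideSecureHardware(); // pre-API-31 equivalent
        }
        return inHardware && info.isUserAuthenticationRequirementEnforcedBySecureHardware();
    }
}
```

A password manager that stores its vault secret this way can only use it after the TEE has verified the biometric, and the handle becomes useless once the key is deleted on uninstall or on factory reset.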
  • How would one confirm that the partition encryption key has been changed? – Ben Voigt Apr 16 '21 at 17:07
  • They only change after a factory reset or after flashing a ROM, because only these 2 conditions reinitialize the OS setup. To verify the change, you have to break into the embedded Inline Crypto Engine (ICE) sub-module on the SoC. That's the only location where FBE keys are in plaintext state when outside of the TEE. FBE keys are cached by the OS after the first user authentication since reboot but remain encrypted. When the kernel needs to read & write data, the TEE decrypts them and passes them to the ICE, which encrypts and decrypts the data. FBE keys are never present in system memory. – defalt Apr 16 '21 at 18:08
  • Well, one doesn't necessarily need to see the plaintext version of the key, comparing old ciphertext to new ciphertext should tell you if the "make new keys" step has been completely omitted by a lazy implementer. – Ben Voigt Apr 16 '21 at 18:48
  • FBE uses AES-XTS-256 for data encryption and AES-CBC-CTR-256 for file name encryption. The IV is stored in the file header so you will never see repeated ciphertext of the same file even if the key is same. – defalt Apr 16 '21 at 20:29
  • I didn't mean ciphertext of a file after being encrypted by FBE, I meant the encrypted FBE key itself (since you said it isn't available in plaintext outside the TEE / ICE). I'm assuming the at-rest storage of the FBE key is not rewritten using new salt without changing the key material... but reliability concerns dictate that this should not be done more than necessary, because interruption of the programming process would lose the entire device contents. – Ben Voigt Apr 16 '21 at 20:36
  • The cached FBE key is encrypted with an ephemeral key which is generated & stored in the TEE and is valid until the next reboot. There's no other way except to compare the plaintext version of the FBE keys. FBE is indeed a very well thought-out process. Its inner workings kept me confused for months. – defalt Apr 16 '21 at 20:53
  • Where's the FBE key stored *at rest* (when the device has no power)? Certainly it is not stored in the clear, rather encrypted by key material derived from the PIN/passcode. But is it inside an HSM? Or in normal storage? – Ben Voigt Apr 16 '21 at 20:56
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/123076/discussion-between-defalt-and-ben-voigt). – defalt Apr 17 '21 at 04:48