4

based on my previous knowledge, I know that the iPhone has hardware encryption implemented on recent models. When we issue the "Erase all contents and settings" command, the encryption keys are destroyed, making the data within the device useless.

Android also provides encryption by using dm-crypt and I believe it encrypts everything when the device is in boot stage. Now let's say I reset the device to factory settings. I know that without encryption, I can recover a significant amount of data by acquiring and carving files from the physical image. However, I am wondering if there has been any research done on acquiring an encrypted image after resetting to factory settings and recovering useful data from it.

I've found that some presentations from defcon and such sort of delve into this topic but I was wondering if there is anything more concrete out there.

Thanks for the help.

Alistair
  • 211
  • 2
  • 6

3 Answers3

7

The principle is the same whether Apple or Google does it. Most of the data stored on the device (including all user data — everything but some startup code and of course the encryption key) is encrypted, and the only way to decrypt it is with a key that is stored on the device. (The key may be itself encrypted with the unlock passcode, but that's a separate matter. For our purposes here, there is a key file, which contains the key in a potentially-recoverable form.)

Once you wipe the key file, there is no way to recover any of the encrypted data. The only information you may be able to get is a rough upper bound for how much data was stored on the device, and even this only if the device was not initialized with random data — I don't know if all Android integrations do this. The data itself can only be recovered with the key.

The data may be recoverable if you've backed up the key outside the device (or if you've backed up the data itself of course). As long as you don't leak your key backups, the data is unrecoverable once the key on the device has been wiped.

In both cases — Apple or Google — it may be possible to recover the key file from the part of the flash storage that is currently unused due to wear leveling, if that part happens to contain the key file. This isn't something you can do in software, you need a bit of electronic equipment and fiddling with the flash storage (I think you have to unsolder it from the board, which is already a major stopper for casual attackers and kills the device's resale value).

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
  • Terribly sorry for the late answer and accept, my electricity went out all day and I was just now able to read your reply. I greatly appreciate you taking the time to give me a concrete response regarding this issue, I realize that, currently, this is the most effective way of hiding your data from malicious people. – Alistair May 01 '13 at 00:06
  • According to Apple’s iOS Security whitepaper, the key is stored in “effaceable storage” and when it’s wiped, it “accesses the underlying storage technology (for example, NAND) to directly address and erase a small number of blocks at a very low level”. So it should not be recoverable due to wear leveling. – Nate Jul 09 '14 at 16:11
2

At best, this question is asking us to Google a specific research for you. So I flagged it as "Not Constructive".

First I'd start with checking the implementation notes, a quick look can tell you many things. They're using 128-bit AES-CBC ESSIV:SHA256, which seems top-notch to me.

A closer look would tell you that they're not encrypting the SD card. They explain in relative details what's encrypted, how it's encrypted, when it's encrypted, and when it's decrypted. If you look in other places you'll also find that the password is limited to 16 characters.

Armed with that knowledge, now you have enough information to go on your own. A quick search on the site and you'll see this beautiful answer by The Bear explaining the scenario you're asking about.

Adi
  • 43,808
  • 16
  • 135
  • 167
  • Thomas's answer addresses a different scenario, with only a password and the difficulty accessing the flash device protecting the data. If the key file has been wiped, the attacker has a harder job: he also needs to recover the key file (unless there was a flaw in the random generator used to generate the key — not likely here I think). – Gilles 'SO- stop being evil' Apr 30 '13 at 12:43
  • Well I wasn't really asking the stackexchange community to research this topic for me, I was merely wondering if there was any evidence that could disprove the security of destroying encryption keys. My initial question does prove that I have already done my research as opposed to just blindly asking whether someone could google it for me. I realize that destroying encryption keys is as safe as you can get, however there are always side-channel attacks and interesting flaws that someone could exploit in order to bypass this security measure. Thanks for the links :-) – Alistair May 01 '13 at 00:11
2

There has been research done on the ability to recover data from an Android device that issuing the stock Android encryption. There was a similar question that you could peruse. You could also check out the Frost ROM. Which was a recovery ROM built to demonstrate the potential for using a cold boot attack to recovery key data from an encrypted device, their paper does imply that the standard device wipe/factory reset provides a reasonable level of protection after an encrypted device has been wiped

Unfortunately, the unlocking process wipes the userdata and cache partition and thus, searching for the AES key after unlocking becomes pointless (although still possible). We verified that the Galaxy Nexus actually wipes the userdata and cache partition, meaning that it zero-fills them.

The wiping process implemented by Google is commendable as it even renders data recovery in the case of non-encrypted partitions difficult.

Hope this helps.

dudebrobro
  • 673
  • 3
  • 7
  • I actually read the FROST paper, but I thought that it entailed retrieving the encryption keys before the device was wiped. I will re-read it to get a better understanding, thanks! – Alistair May 01 '13 at 00:12
  • 1
    you are right I think I misunderstood the paper when I originally looked at it. After looking through the paper again. – dudebrobro May 01 '13 at 13:06