Full Disclosure mailing list archives
Re: Android wipe unreliable
From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 18 Mar 2012 21:05:29 -0400
On Sun, Mar 18, 2012 at 1:46 PM, Jan Schejbal <jan.mailinglisten () googlemail com> wrote:
We have discovered that the "wipe" function on Android does not reliably delete data on all devices. On a Nexus S running Android 2.3.6, we were able to recover user data after running a "wipe" both using the "factory data reset" from the menu and by wiping the device from recovery.
I'm not sure there's anything new here :)
... This means that if a locked device affected by this is lost/stolen, it is possible to access the data by first wiping the device (to remove the screen lock), then rooting and recovering.
If you think remotely wiping Android is bad, try and iOS device.
Note that we do not know the full range of affected devices. Manufacturers may have made customizations that fix this, and Android 3.x and 4.x (Honeycomb/ICS, about 5% of devices) seem to have fixes according to the code.
Probably most of them.
The Android security team has been notified.
Reliably Erasing Data From Flash-Based Solid State Drives, www.usenix.org/event/fast11/tech/full_papers/Wei.pdf. You might want to open a discussion on Android Security Discussions, http://groups.google.com/group/android-security-discuss. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Android wipe unreliable Jan Schejbal (Mar 18)
- Re: Android wipe unreliable Jeffrey Walton (Mar 18)
- Re: Android wipe unreliable Robert Kim App and Facebook Marketing (Mar 19)
- Re: Android wipe unreliable Jeffrey Walton (Mar 31)