Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Android wipe unreliable

From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 18 Mar 2012 21:05:29 -0400
On Sun, Mar 18, 2012 at 1:46 PM, Jan Schejbal
<jan.mailinglisten () googlemail com> wrote:

We have discovered that the "wipe" function on Android does not reliably
delete data on all devices. On a Nexus S running Android 2.3.6, we were
able to recover user data after running a "wipe" both using the "factory
data reset" from the menu and by wiping the device from recovery.

I'm not sure there's anything new here :)

...

This means that if a locked device affected by this is lost/stolen, it
is possible to access the data by first wiping the device (to remove the
screen lock), then rooting and recovering.

If you think remotely wiping Android is bad, try and iOS device.


Note that we do not know the full range of affected devices.
Manufacturers may have made customizations that fix this, and Android
3.x and 4.x (Honeycomb/ICS, about 5% of devices) seem to have fixes
according to the code.

Probably most of them.


The Android security team has been notified.

Reliably Erasing Data From Flash-Based Solid State Drives,
www.usenix.org/event/fast11/tech/full_papers/Wei.pdf.

You might want to open a discussion on Android Security Discussions,
http://groups.google.com/group/android-security-discuss.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: