We study the protection mechanisms available to consumers to thwart unauthorised access to personal data on resold and stolen Android smartphones. With hundreds of millions of devices expected to be traded by 2018 and millions of devices stolen in the USA in 2013 alone, such attacks are a serious and growing problem. The main protection against data extraction from resold devices is using the built-in "Factory Reset" function on device disposal. Trade press reports have already raised doubts about the effectiveness of Android "Factory Reset", but this paper presents the first comprehensive study of the issue. We study the implementation of Factory Reset on 21 Android smartphones from 5 vendors running Android versions v2.3.x to v4.3. We estimate that more than 340 million devices do not properly sanitise their data partition where credentials and other sensitive data are stored, and still more fail to properly sanitise the internal SD card where multimedia files are generally saved. We found we could recover Google credentials on all devices presenting a flawed Factory Reset. Full-disk encryption has the potential to mitigate the problem, but we found that a flawed Factory Reset leaves behind enough data for the encryption key to be recovered. The main mitigation against unauthorised data access on stolen devices is provided by apps with "remote wipe" and "remote lock" functions. We study the top 10 Mobile Anti-Virus (MAV) apps downloaded by hundreds of millions of users. We uncover flaws that undermine MAV security claims and highlight the fragility of third-party security apps. MAV remote locks are unreliable due to poor implementation practices, Android API limitations and vendor customisations. Mobile OS architectures leave third-party security apps little leeway to improve built-in Factory Resets; therefore MAV remote wipe functions are not an alternative to a flawed built-in Factory Reset.
We conclude the only viable solutions are those driven by vendors themselves.