FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 992
Message 11 of 63

Re: SD card encryption issue?

I was also working with Sally to see if we could help this unfortunate owner to recover her precious moments of her 4-year old's video and photo captures.  The phone first started acting up (unrelated to the encryption), so the Verizon Phone Support Technician ran her through a series of troubleshooting techniques, and when they all were unable to resolve the issue, she was instructed to do a Factory restore.  Unfortunately (and this is where the BIG failure is most likely to happen for the great percentage of users who choose encryption unknowingly), the rep DIDN'T first ask her if her data was encrypted and to back it up to the PC first, as it would be lost in the reset.


This is completely unacceptable in my opinion.  If you are going to be a support technician, your job is to preserve the client's user experience if at all possible and checking to see if encryption is enabled should be standard protocol.  Well, I've also discovered that there are 3 methods of encryption (as Sally mentioned), and that two of them are Device specific so if the device fails, the data is permanently locked and unrecoverable.


I've spent close to 3 hours in several calls to Motorola about this both to investigate and to vent.  My biggest concerns are that they've issued a loaded gun with their phones and haven't supplied safety training with it, and the "Safety" is basically worthless.


I received a return call from the Motorola Technical Support yesterday, and in that 36 minute call, I confirmed things I suspected, received information I wasn't aware of, and even taught the technician a thing or two. First, the encryption SHOULD BE the standard AES 256 as I suspected. If so, and if encrypted with a password/pin, and you have the password, we should be able to use http://download.cnet.com/AES-256-bit/3000-2092_4-10544070.html or another tool like it to decrypt.  Where the problem starts in my mind is that Motorola chose to make "Device" (MEID/IMEI/ESN specific) as the default encryption choice and unless you understand the differences and make the effort to choose the Password option, you're now tied forever to that phone.  I'll explain...

If the card was encrypted using the first choice - Device option (see below), then the phone is a critical part of the encryption and without the actual physical phone, we'll likely never be able to recover it.


If so, there's also the possibility that even with the original phone that data may still be completely unrecoverable. When the encryption is used and the Device option is chosen, the phone's unique ID is used to create the "hashcode" which is the "key" that encrypts the data. Without that unique hashcode, the data is essentially permanently encrypted. Oh, it can be decrypted, but it would take considerable time and likely great expense as well.

Now, if the second choice - Password option is used (see below), then ONLY that password is needed and I'm nearly convinced that any good AES 256 encryption tool can be used to decrypt it.


But, if the third choice was used - Device+Password (again see below), then we not only need the actual physical phone but also the correct password, and again as the first option, it can only be decrypted in the actual phone, and like option one there's still the possibility that it can not be decrypted even with the right phone and right password.


So, when originally encrypted, the question is do users see the following screen, and if so, do they make an informed decision which option to select?



Here's my take on it. What good is encryption on the SD card that's IN the phone (either the internal SD Card or the SDcard-ext), if you lose the phone? If you used a 4 digit password to lock the phone, cracking into that is relatively easy with the right tools. Once you're in, it doesn't matter what method of encryption you used, you have complete and unrestricted access to all the data stored on the card(s), and since data copied off the phone via the USB cable is unencrypted in the process, where's the security?

On the other hand, if you remove the card (and used either Device or Device+Password), you can't decrypt it anywhere else (if what you've learned from the Motorola forum is correct), so what good is it to you at that point. And as said on several posts elsewhere, if the phone dies, you can never recover the data if you used either Device or Device+Password for the encryption choice. So even if I WAS going to use encryption, I would NEVER use options one or three. Now, option 2 is a viable option - if, and only if it can be decrypted outside of the device with a standard AES 256 encryption tool. In that case, I can use WEP Key Generator or something like it to generate a 256 bit key in ASCII and make it something like J$V6!qKDz=[2)PWXWc_ZO+'8@lp!y which will provide me with extreme security, but I can store that key somewhere safe and if I need to decrypt later without the phone I can.

The ONLY way that I can see the reason for the options one and three are if the encryption is being administered by the IT department of a company and they have remote wipe capability. In that case, removing the SD card would be futile since you could never decrypt the data.

Moto Sr Moderator
Moto Sr Moderator
Posts: 13,987
Registered: ‎02-02-2016
Location: US
Views: 992
Message 12 of 63

Re: SD card encryption issue?


foxkat said:

I was also working with Sally to see if we could help this unfortunate owner to recover her precious moments of her 4-year old's video and photo captures.  The phone first started acting up (unrelated to the encryption), so the Verizon Phone Support Technician ran her through a series of troubleshooting techniques, and when they all were unable to resolve the issue, she was instructed to do a Factory restore.  Unfortunately (and this is where the BIG failure is most likely to happen for the great percentage of users who choose encryption unknowingly), the rep DIDN'T first ask her if her data was encrypted and to back it up to the PC first, as it would be lost in the reset.


This is completely unacceptable in my opinion.  If you are going to be a support technician, your job is to preserve the client's user experience if at all possible and checking to see if encryption is enabled should be standard protocol.  Well, I've also discovered that there are 3 methods of encryption (as Sally mentioned), and that two of them are Device specific so if the device fails, the data is permanently locked and unrecoverable.


I've spent close to 3 hours in several calls to Motorola about this both to investigate and to vent.  My biggest concerns are that they've issued a loaded gun with their phones and haven't supplied safety training with it, and the "Safety" is basically worthless.


I received a return call from the Motorola Technical Support yesterday, and in that 36 minute call, I confirmed things I suspected, received information I wasn't aware of, and even taught the technician a thing or two. First, the encryption SHOULD BE the standard AES 256 as I suspected. If so, and if encrypted with a password/pin, and you have the password, we should be able to use http://download.cnet.com/AES-256-bit/3000-2092_4-10544070.html or another tool like it to decrypt.  Where the problem starts in my mind is that Motorola chose to make "Device" (MEID/IMEI/ESN specific) as the default encryption choice and unless you understand the differences and make the effort to choose the Password option, you're now tied forever to that phone.  I'll explain...

If the card was encrypted using the first choice - Device option (see below), then the phone is a critical part of the encryption and without the actual physical phone, we'll likely never be able to recover it.


If so, there's also the possibility that even with the original phone that data may still be completely unrecoverable. When the encryption is used and the Device option is chosen, the phone's unique ID is used to create the "hashcode" which is the "key" that encrypts the data. Without that unique hashcode, the data is essentially permanently encrypted. Oh, it can be decrypted, but it would take considerable time and likely great expense as well.

Now, if the second choice - Password option is used (see below), then ONLY that password is needed and I'm nearly convinced that any good AES 256 encryption tool can be used to decrypt it.


But, if the third choice was used - Device+Password (again see below), then we not only need the actual physical phone but also the correct password, and again as the first option, it can only be decrypted in the actual phone, and like option one there's still the possibility that it can not be decrypted even with the right phone and right password.


So, when originally encrypted, the question is do users see the following screen, and if so, do they make an informed decision which option to select?



Here's my take on it. What good is encryption on the SD card that's IN the phone (either the internal SD Card or the SDcard-ext), if you lose the phone? If you used a 4 digit password to lock the phone, cracking into that is relatively easy with the right tools. Once you're in, it doesn't matter what method of encryption you used, you have complete and unrestricted access to all the data stored on the card(s), and since data copied off the phone via the USB cable is unencrypted in the process, where's the security?

On the other hand, if you remove the card (and used either Device or Device+Password), you can't decrypt it anywhere else (if what you've learned from the Motorola forum is correct), so what good is it to you at that point. And as said on several posts elsewhere, if the phone dies, you can never recover the data if you used either Device or Device+Password for the encryption choice. So even if I WAS going to use encryption, I would NEVER use options one or three. Now, option 2 is a viable option - if, and only if it can be decrypted outside of the device with a standard AES 256 encryption tool. In that case, I can use WEP Key Generator or something like it to generate a 256 bit key in ASCII and make it something like J$V6!qKDz=[2)PWXWc_ZO+'8@lp!y which will provide me with extreme security, but I can store that key somewhere safe and if I need to decrypt later without the phone I can.

The ONLY way that I can see the reason for the options one and three are if the encryption is being administered by the IT department of a company and they have remote wipe capability. In that case, removing the SD card would be futile since you could never decrypt the data.



Thank you for the awesome post, which makes some things about the encryption feature even clearer.


While I am in full agreement with pretty much everything you have written, I would bring to everyone's attention that you are posting from the point of view of the user who is trying to keep and/or recover their own data.  From the point of view of someone who has stolen a device and/or the SD card from the user, the encryption feature has pretty much locked me [the thief] out of everything on the stolen phone--which I think is how the feature was designed (or if as you say, an IT department is trying to keep data secure, it works).


I like your analogy about the loaded gun, and you are exactly right:  putting a feature like Moto's encryption into the hands of a user who doesn't know how to "engage the safety" is a disaster waiting to happen.

Comment in the spirit of COMMUNITY: "Share experiences / expertise, engage in the discussions, and offer advice and suggestions."
sallyc1
802.11n
Posts: 172
Registered: ‎11-15-2011
Location: United States
Views: 992
Message 13 of 63

Re: SD card encryption issue?


eaccents said:


foxkat said:

I was also working with Sally to see if we could help this unfortunate owner to recover her precious moments of her 4-year old's video and photo captures.  The phone first started acting up (unrelated to the encryption), so the Verizon Phone Support Technician ran her through a series of troubleshooting techniques, and when they all were unable to resolve the issue, she was instructed to do a Factory restore.  Unfortunately (and this is where the BIG failure is most likely to happen for the great percentage of users who choose encryption unknowingly), the rep DIDN'T first ask her if her data was encrypted and to back it up to the PC first, as it would be lost in the reset.


This is completely unacceptable in my opinion.  If you are going to be a support technician, your job is to preserve the client's user experience if at all possible and checking to see if encryption is enabled should be standard protocol.  Well, I've also discovered that there are 3 methods of encryption (as Sally mentioned), and that two of them are Device specific so if the device fails, the data is permanently locked and unrecoverable.


I've spent close to 3 hours in several calls to Motorola about this both to investigate and to vent.  My biggest concerns are that they've issued a loaded gun with their phones and haven't supplied safety training with it, and the "Safety" is basically worthless.


I received a return call from the Motorola Technical Support yesterday, and in that 36 minute call, I confirmed things I suspected, received information I wasn't aware of, and even taught the technician a thing or two. First, the encryption SHOULD BE the standard AES 256 as I suspected. If so, and if encrypted with a password/pin, and you have the password, we should be able to use http://download.cnet.com/AES-256-bit/3000-2092_4-10544070.html or another tool like it to decrypt.  Where the problem starts in my mind is that Motorola chose to make "Device" (MEID/IMEI/ESN specific) as the default encryption choice and unless you understand the differences and make the effort to choose the Password option, you're now tied forever to that phone.  I'll explain...

If the card was encrypted using the first choice - Device option (see below), then the phone is a critical part of the encryption and without the actual physical phone, we'll likely never be able to recover it.


If so, there's also the possibility that even with the original phone that data may still be completely unrecoverable. When the encryption is used and the Device option is chosen, the phone's unique ID is used to create the "hashcode" which is the "key" that encrypts the data. Without that unique hashcode, the data is essentially permanently encrypted. Oh, it can be decrypted, but it would take considerable time and likely great expense as well.

Now, if the second choice - Password option is used (see below), then ONLY that password is needed and I'm nearly convinced that any good AES 256 encryption tool can be used to decrypt it.


But, if the third choice was used - Device+Password (again see below), then we not only need the actual physical phone but also the correct password, and again as the first option, it can only be decrypted in the actual phone, and like option one there's still the possibility that it can not be decrypted even with the right phone and right password.


So, when originally encrypted, the question is do users see the following screen, and if so, do they make an informed decision which option to select?



Here's my take on it. What good is encryption on the SD card that's IN the phone (either the internal SD Card or the SDcard-ext), if you lose the phone? If you used a 4 digit password to lock the phone, cracking into that is relatively easy with the right tools. Once you're in, it doesn't matter what method of encryption you used, you have complete and unrestricted access to all the data stored on the card(s), and since data copied off the phone via the USB cable is unencrypted in the process, where's the security?

On the other hand, if you remove the card (and used either Device or Device+Password), you can't decrypt it anywhere else (if what you've learned from the Motorola forum is correct), so what good is it to you at that point. And as said on several posts elsewhere, if the phone dies, you can never recover the data if you used either Device or Device+Password for the encryption choice. So even if I WAS going to use encryption, I would NEVER use options one or three. Now, option 2 is a viable option - if, and only if it can be decrypted outside of the device with a standard AES 256 encryption tool. In that case, I can use WEP Key Generator or something like it to generate a 256 bit key in ASCII and make it something like J$V6!qKDz=[2)PWXWc_ZO+'8@lp!y which will provide me with extreme security, but I can store that key somewhere safe and if I need to decrypt later without the phone I can.

The ONLY way that I can see the reason for the options one and three are if the encryption is being administered by the IT department of a company and they have remote wipe capability. In that case, removing the SD card would be futile since you could never decrypt the data.



Thank you for the awesome post, which makes some things about the encryption feature even clearer.


While I am in full agreement with pretty much everything you have written, I would bring to everyone's attention that you are posting from the point of view of the user who is trying to keep and/or recover their own data.  From the point of view of someone who has stolen a device and/or the SD card from the user, the encryption feature has pretty much locked me [the thief] out of everything on the stolen phone--which I think is how the feature was designed (or if as you say, an IT department is trying to keep data secure, it works).


I like your analogy about the loaded gun, and you are exactly right:  putting a feature like Moto's encryption into the hands of a user who doesn't know how to "engage the safety" is a disaster waiting to happen.



 I agree with you, eaccents, the post does a great job.  FoxKat has done a great job of helping and educating many of us on a variety of subjects.   But I can't defend the encryption feature because it keeps the thief locked out if it's at the very real risk of keeping the owner locked out too.  


This doesn't need to be an either / or and has only become so because of the way Motorola has chosen to implement AES 256.  As FoxKat points out, using a WEP key generator would keep the thief locked out but also allow the owner to retrieve their data if something happened to their phone and they needed to do a FDR or access the external SD via USB.


I really hope this thread will raise awareness about this problem and 1) prevent others from using encryption and thinking their data is secure when, in fact, it is highly vulnerable to loss and 2) cause Motorola to change the way they implement AES 256.

Moto Sr Moderator
Moto Sr Moderator
Posts: 12,467
Registered: ‎02-02-2016
Location: US
Views: 992
Message 14 of 63

Re: SD card encryption issue?

Foxkat, I believe options 1 and 3 are designed for the IT administered scenario, because I think the documents located by SallyC were tagged as "business" in some way.  I read your posts on another forum, and I applaud your efforts on the user's behalf; not many would invest the time and effort that you have. 


By the way, for whatever reason, the images you uploaded won't load for me.


 

Moto Sr Moderator
Moto Sr Moderator
Posts: 15,450
Registered: ‎02-03-2016
Location: US
Views: 992
Message 15 of 63

Re: SD card encryption issue?

I personally believe that the best solution would be an added feature of being able to backup your key to a computer or some other device of your choice. This would solve the problem all the way around.

I am not a Motorola/Lenovo Employee. I am just a volunteer who happens to be a Moderator. All comments are my own and are not necessarily Motorola/Lenovo's position.

FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 992
Message 16 of 63

Re: SD card encryption issue?


joelbon said:

I personally believe that the best solution would be an added feature of being able to backup your key to a computer or some other device of your choice. This would solve the problem all the way around.



 And another excellent suggestion from joelbon (yeah, I do follow you even though I don't post here but only on a very infrequent basis).

FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 992
Message 17 of 63

Re: SD card encryption issue?


crystallet said:

Foxkat, I believe options 1 and 3 are designed for the IT administered scenario, because I think the documents located by SallyC were tagged as "business" in some way.  I read your posts on another forum, and I applaud your efforts on the user's behalf; not many would invest the time and effort that you have. 


By the way, for whatever reason, the images you uploaded won't load for me.


 



 crystallet, you may be right in that was probably the INTENDED purpose, but since it's an option for the owner of the phone, and since the "Device" encryption option is the DEFAULT, it's incredibly poor execution of that feature.  The last screen above comes up in the phone IF you choose to view it, and the other three screens are the "I" (Information) for each choice.


The problem is that unless you are anal like me and take the time to explore those options, and unless you dig deeper into the Information screens for them, you MIGHT either allow the default "Device" option, or (thinking you're making it MORE secure), take the Device+Password option.  Unfortunately in either case, you've sealed the deal if the phone ever gets reset or fails completely.


Also, I go back to what I've said earlier...If I encrypt my phone with either options "Device" or "Device+Password", and only use perhaps a 4 digit pin to lock the phone, any 13 year old geek with lots of time on his hands could bypass or discover the pin, unlock the phone and have at it with my data - AES 256 and all.  That is not encryption, it's a challenge.


We haven't even touched on the fact that the camera and other media features default to the internal SD card, and yet the common sense assumption by users is that the removable SD card would be where they'd expect to find it, so if they encrypt the removable SD card, then Factory restore the phone, thinking "well, at least my SD card is safe", they're in for a huge and painful surprise.


I like joelbon's suggestion to protect the loss of data for the end user by having a backup of the hashcode for options one and three (assuming the decryption allows for the re-populating of that hashcode), but unless the screen lock pin or password is as secure, the data is no more secure encrypted than not.  The truth is, nobody wants to type in J$V6!qKDz[2)PWXWc_ZO+'8@lp!y every time they have to unlock their phone.  We're looking at an attempt to make the phone more appealing and accepted by the enterprise world, but these features need to be harbored properly, and any "encryption" of data should be used with a heaping helping of forethought.
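joelbon's key-backup suggestion and the weak-PIN caveat raised in the post above, worked through as an added example (not part of the original thread and not Motorola's implementation). It wraps a device-generated key under a passphrase so the key survives a factory reset, and refuses a backup passphrase weaker than an assumed threshold. The `Phone` class, the 80-bit threshold, the blob layout and the HMAC-based wrap (a stand-in for AES key wrap, since the Python standard library has no AES) are all assumptions.

```python
import hashlib
import hmac
import math
import secrets

PBKDF2_ITERATIONS = 100_000   # assumed work factor for the passphrase KDF
MIN_BACKUP_BITS = 80          # assumed minimum strength for a backup passphrase
SALT_LEN, KEY_LEN, TAG_LEN = 16, 32, 32


def keyspace_bits(alphabet_size, length):
    """Bits of work to enumerate every secret of this alphabet and length."""
    return length * math.log2(alphabet_size)


def estimate_bits(secret):
    """Rough UPPER bound on strength, assuming characters were chosen at random."""
    alphabet = 0
    if any(c.isdigit() for c in secret):
        alphabet += 10
    if any(c.islower() for c in secret):
        alphabet += 26
    if any(c.isupper() for c in secret):
        alphabet += 26
    if any(not c.isalnum() for c in secret):
        alphabet += 32
    return keyspace_bits(alphabet, len(secret)) if alphabet else 0.0


def _derive(passphrase, salt):
    """Derive separate encryption and MAC keys from the passphrase."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              PBKDF2_ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _pad(enc_key):
    # Single-use 32-byte keystream; safe because every backup gets a fresh salt.
    return hmac.new(enc_key, b"device-key-wrap", hashlib.sha256).digest()


def wrap_device_key(device_key, passphrase):
    """Return salt || wrapped key || tag, suitable for storing off the phone."""
    if len(device_key) != KEY_LEN:
        raise ValueError("expected a 256-bit device key")
    if estimate_bits(passphrase) < MIN_BACKUP_BITS:
        # A 4-digit PIN here would make the backup blob the weakest link.
        raise ValueError("backup passphrase too weak")
    salt = secrets.token_bytes(SALT_LEN)
    enc_key, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(device_key, _pad(enc_key)))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def unwrap_device_key(blob, passphrase):
    """Recover the device key, or raise if the passphrase or blob is wrong."""
    if len(blob) != SALT_LEN + KEY_LEN + TAG_LEN:
        raise ValueError("malformed backup blob")
    salt = blob[:SALT_LEN]
    wrapped = blob[SALT_LEN:SALT_LEN + KEY_LEN]
    tag = blob[SALT_LEN + KEY_LEN:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted backup")
    return bytes(a ^ b for a, b in zip(wrapped, _pad(enc_key)))


class Phone:
    """Constructed model of a handset key store (hypothetical)."""

    def __init__(self):
        self.device_key = secrets.token_bytes(KEY_LEN)

    def factory_reset(self):
        # As the thread describes: the old key is gone and a new one is generated.
        self.device_key = secrets.token_bytes(KEY_LEN)

    def restore_key(self, blob, passphrase):
        # Assumes the key store allows re-populating a key, which the thread
        # does not confirm for the real feature.
        self.device_key = unwrap_device_key(blob, passphrase)


STRONG_PASSPHRASE = "Xq7#mT2v!Lr9@Zp4wK8s"  # constructed sample value


def demo():
    """Return (key_lost_after_reset, key_recovered_from_backup)."""
    phone = Phone()
    original = phone.device_key
    blob = wrap_device_key(original, STRONG_PASSPHRASE)
    phone.factory_reset()
    lost = phone.device_key != original
    phone.restore_key(blob, STRONG_PASSPHRASE)
    return lost, phone.device_key == original


if __name__ == "__main__":
    print("4-digit PIN keyspace: %.1f bits" % keyspace_bits(10, 4))
    print("reset lost key, backup restored key:", demo())
```
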


 


 

FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 992
Message 18 of 63

Re: SD card encryption issue?


eaccents said:


sallyc said:

 I wish it were that simple.   It's not just the AES 256 algorithm, but the fact that the encryption defaults to a phone-specific key (MEID/IMEI/ESN), for the AES 256 data encryption ("the card will not be readable via another phone" and "Encryption keys are auto-generated by the key store on the device and are only stored on the device.") means that it's not enough to have just any AES 256 encrypter.


This has come up for me trying to help a user on another forum who had pictures & videos of her 2-3 year old on an SD card when her phone died.  So far we've not been able to come up with any way to recover them, although we've learned a lot about Motorola's encryption.


I was hoping by posting here that either someone from Motorola knew of some way around this.  Especially realizing that people use their phones for corporate data (such as financial & healthcare sectors) it seems to me rather difficult to believe that one bad drop/splash/oops could mean the irretrievable loss of valuable data.



I looked into this last Fall and my thinking is pretty much in line with yours.


The key is auto-generated by the device and only stored on the device.  Additionally, if you FDR the device, you will lose the current key, and a new one would be generated.  Again, leaving you without access to your data.


I think that the idea is that items are encrypted for transport (on your handheld device) or think of it as the data is more accessible while we go about our business in public than it would be on our home computers.  I also think that we are supposed to back up the data to our private storage (like your own computer) and in the process of data migration from the device to the computer your data will be unencrypted.


I know this doesn't help, but I am just affirming your conceptual understanding of the encryption for Moto devices.


 


FYI:  Most of what I understand about this topic was learned from this post by @D.Harris


Source:  https://forums.motorola.com/posts/6e41d89eed







Greetings,


I can provide some information---but not a lot.


First, let me state up front that I have not yet used this feature. Why? Because I've had to do more than one factory data reset and I anticipate doing more before the current GB 2.3.3 mess is over. Using encryption complicates a factory data reset and adds more work to the process.


Second, looking to the future, if I keep my Droid X phones and continue to use Motorola's version of GB 2.3 (both are up in the air right now) then I plan to make good use of the encryption option in the future. It appears to be an excellent feature.


Our understanding of the new encryption feature comes directly from Motorola. There are two places where this information is provided and they are both in our Droid X phones. I'll quote them in dark red:


Source 1: The caption under Android menu > Settings > Location & security > Data encryption


"Protect the data on your phone or memory card. Requires screen lock."


We can conclude the following from the above quote:


  1. "Data" is what is encrypted. It is safe to assume that this includes all user data (such as contacts and calendar events stored on our phones). What we don't know is if this also includes system data (the settings and data cache of Android) and app data (such as our app settings and our Browser's cache).

  2. Since the statement says "on your phone or memory card" we can also conclude that data is encrypted either in the internal memory of our phones or on our micro SD memory cards (or both). It seems that only data is encrypted in our phone's internal memory just like the title of this feature suggests ("Data encryption"). However, it also appears from Source 2 below that the entire micro SD memory card is encrypted. Therefore, if we have any apps stored on our memory cards, they will also be encrypted. This shouldn't cause a problem for our phones---they will simply decrypt them as they read our cards. I believe it will work the same way when we attach a file to a text or email message that resides on our memory card---our phones will automatically decrypt the file and the attachment would not be encrypted (but someone needs to test and confirm this).

  3. The "Data encryption" feature is only available when the "Screen lock" option is turned on. It is safe to say that the pattern, PIN or password that we choose for the Screen lock will also be used to generate the key for the encryption. That way we only need to remember one pattern, PIN or password. If the Screen lock feature is turned off, then we cannot use the Data encryption feature.


Source 2: The text displayed during a factory data reset (Android menu > Settings > Privacy > Factory Data Reset).


"Encrypted files on your memory cards will become unreadable. It is advisable to connect your device to a PC and copy the files you would like to keep from each encrypted card before resetting the device."


"Encrypted files created on this phone and saved to the memory cards will become unreadable."


We can conclude the following from the above quote:


  1. A factory data reset will destroy the encryption key, making any encrypted data or files unreadable both in the phone's internal memory and a micro SD memory card. Therefore, we must connect our phones to a computer and copy the encrypted files to an unencrypted location on our computers' hard drive for safekeeping during the factory data reset.

  2. In order to copy decrypted files to a computer, the card must remain in the phone so the phone can decrypt them. In this way, the copies of the files that were moved to our computer would no longer be encrypted. This means we will have to connect our phones to the computer via either USB or bluetooth. The card cannot be removed from the phone and inserted into a third-party reader. If that were done, the card would be unreadable.

  3. Even if we choose to use an identical pattern, PIN or password for the Screen lock after a factory data reset, a unique encryption key will be created, making files encrypted under the earlier key unreadable (even though the same pattern, PIN or password were used). If a card became unreadable because its encryption key were lost, the card would need to be reformatted before it could be used again (reformatting it will effectively erase it).


As you can see, this still leaves a lot of unanswered questions. How strong is the encryption? Will the encryption affect performance? What exactly happens if I turn off Data encryption? Will all the formerly encrypted files be immediately decrypted?


Kind regards, D.Harris






 This is the same information I discovered in my research, but there are many flaws.  First, this https://motorola-global-portal.custhelp.com/app/answers/prod_answer_detail/a_id/72155/p/30,6720,8112 is all that the Motorola website for the Droid RAZR shows for encryption, period.  You'll notice there is NO mention of the 3 encryption choices, nor is there a warning that the "Device" option is the default.


Next, the Motorola Droid User's Guide says the following of screen lock:


Password lock
To set the password, touch Menu > Settings > Location & security > Change screen lock > Set password.
Enter a password (up to eight characters), then confirm it.
When prompted, enter the password to unlock the smartphone.


 


So I am limited to an 8 digit password to prevent access to my phone, but the encryption of the data that is behind that 8 digit password is encrypted with AES 256, but once in the phone is completely compromised if I successfully breach that 8 digit password.  In other words, there is NO benefit to an AES 256 encryption of data on the SD Card if I can simply get through the lock screen.  Now, how many of us use all 8 digits?  The most common number of digits in a pin, overwhelmingly is 4.  Of that, many are 0000, 1111 or 1234 or the 4 corners, etc.


So the only thing that stands in the way of completely bypassing AES 256 encryption and simply copying the data through the USB cable is one in 9,000 combinations of 4 digits, how many bits of encryption is that?  Certainly NOT 256 bits.

Moto Sr Moderator
Moto Sr Moderator
Posts: 13,987
Registered: ‎02-02-2016
Location: US
Views: 992
Message 19 of 63

Re: SD card encryption issue?


foxkat said:


eaccents said:


sallyc said:

 I wish it were that simple.   It's not just the AES 256 algorithm, but the fact that the the encryption defaults to a phone-specific key (MEID/IMEI/ESN), for the AES 256 data encryption ("the card will not be readable via another phone" and "Encryption keys are auto-generated by the key store on the device and are only stored on the device.") means that it's not enough to have just any AES 256 encrypter.


This has come up for me trying to help a user on another forum who had pictures & videos of her 2-3 year old on an SD card when her phone died.  So far we've not been able to come up with any way to recover them, although we've learned a lot about Motorola's encryption.


I was hoping by posting here that either someone from Motorola knew of some way around this.  Especially realizing that people use their phones for corporate data (such as financial & healthcare sectors) it seems to me rather difficult to believe that one bad drop/splash/oops could mean the irretrievable loss of valuable data.



I looked into this last Fall and my thinking is pretty much in line with yours.


The key is auto-generated by the device and only stored on the device.  Additionally, if you FDR the device, you will lose the current key, and a new one would be generated.  Again, leaving you without access to your data.


I think that the idea is that items are encrypted for transport (on your handheld device) or think of it as the data is more accessible while we go about our business in public than it would be on our home computers.  I also think that we are supposed to back up the data to our private storage (like your own computer) and in the process of data migration from the device to the computer your data will be unencrypted.


I know this doesn't help, but I am just affirming your conceptual understanding of the encryption for Moto devices.


 


FYI:  Most of what I understand about this topic was learned from this post by @D.Harris


Source:  https://forums.motorola.com/posts/6e41d89eed







Greetings,


I can provide some information---but not a lot.


First, let me state up front that I have not yet used this feature. Why? Because I've had to do more than one factory data reset and I anticipate doing more before the current GB 2.3.3 mess is over. Using encryption complicates a factory data reset and adds more work to the process.


Second, looking to the future, if I keep my Droid X phones and continue to use Motorola's version of GB 2.3 (both are up in the air right now) then I plan to make good use of the encryption option in the future. It appears to be an excellent feature.


Our understanding of the new encryption feature comes directly from Motorola. There are two places where this information is provided and they are both in our Droid X phones. I'll quote them in dark red:


Source 1: The caption under Android menu > Settings > Location & security > Data encryption


"Protect the data on your phone or memory card. Requires screen lock."


We can conclude the following from the above quote:


  1. "Data" is what is encrypted. It is safe to assume that this includes all user data (such as contacts and calendar events stored on our phones). What we don't know is if this also includes system data (the settings and data cache of Android) and app data (such as our app settings and our Browser's cache).

  2. Since the statement says "on your phone or memory card" we can also conclude that data is encrypted either in the internal memory of our phones or on our micro SD memory cards (or both). It seems that only data is encrypted in our phone's internal memory just like the title of this feature suggests ("Data encryption"). However, it also appears from Source 2 below that the entire micro SD memory card is encrypted. Therefore, if we have any apps stored on our memory cards, they will also be encrypted. This shouldn't cause a problem for our phones---they will simply decrypt them as they read our cards. I believe it will work the same way when we attach a file to a text or email message that resides on our memory card---our phones will automatically decrypt the file and the attachment would not be encrypted (but someone needs to test and confirm this).

  3. The "Data encryption" feature is only available when the "Screen lock" option is turned on. It is safe to say that the pattern, PIN or password that we choose for the Screen lock will also be used to generate the key for the encryption. That way we only need to remember one pattern, PIN or password. If the Screen lock feature is turned off, then we cannot use the Data encryption feature.


Source 2: The text displayed during a factory data reset (Android menu > Settings > Privacy > Factory Data Reset).


"Encrypted files on your memory cards will become unreadable. It is advisable to connect your device to a PC and copy the files you would like to keep from each encrypted card before resetting the device."


"Encrypted files created on this phone and saved to the memory cards will become unreadable."


We can conclude the following from the above quote:


  1. A factory data reset will destroy the encryption key, making any encrypted data or files unreadable both in the phone's internal memory and a micro SD memory card. Therefore, we must connect our phones to a computer and copy the encrypted files to an unencrypted location on our computers' hard drive for safekeeping during the factory data reset.

  2. In order to copy decrypted files to a computer, the card must remain in the phone so the phone can decrypt them. In this way, the copies of the files that were moved to our computer would no longer be encrypted. This means we will have to connect our phones to the computer via either USB or bluetooth. The card cannot be removed from the phone and inserted into a third-party reader. If that were done, the card would be unreadable.

  3. Even if we choose to use an identical pattern, PIN or password for the Screen lock after a factory data reset, a unique encryption key will be created, making files encrypted under the earlier key unreadable (even though the same pattern, PIN or password were used). If a card became unreadable because its encryption key were lost, the card would need to be reformatted before it could be used again (reformatting it will effectively erase it).


As you can see, this still leaves a lot of unanswered questions. How strong is the encryption? Will the encryption affect performance? What exactly happens if I turn off Data encryption? Will all the formerly encrypted files be immediately decrypted?


Kind regards, D.Harris






 This is the same information I discovered in my research, but there are many flaws.  First, this https://motorola-global-portal.custhelp.com/app/answers/prod_answer_detail/a_id/72155/p/30,6720,8112 is all that the Motorola website for the Droid RAZR shows for encryption, period.  You'll notice there is NO mention of the 3 encryption choices, nor is there a warning that the "Device" option is the default.


Next, the Motorola Droid User's Guide says the following of screen lock:


Password lock
To set the password, touch Menu > Settings > Location & security > Change screen lock > Set password.
Enter a password (up to eight characters), then confirm it.
When prompted, enter the password to unlock the smartphone.


 


So I am limited to an 8 digit password to prevent access to my phone, but the encryption of the data that is behind that 8 digit password is encrypted with AES 256, but once in the phone is completely compromised if I successfully breach that 8 digit password.  In other words, there is NO benefit to an AES 256 encryption of data on the SD Card if I can simply get through the lock screen.  Now, how many of us use all 8 digits?  The most common number of digits in a pin, overwhelmingly is 4.  Of that, many are 0000, 1111 or 1234 or the 4 corners, etc.


So the only thing that stands in the way of completely bypassing AES 256 encryption and simply copying the data through the USB cable is one in 9,000 combinations of 4 digits, how many bits of encryption is that?  Certainly NOT 256 bits.



Excellent points:  "You'll notice there is NO mention of the 3 encryption choices, nor is there a warning that the "Device" option is the default."


I think we are straying off topic, however, by moving on to discussing how a user might choose the simpler (or shall we say "lazier") way to prevent access to their phone and/or data.  



Now, how many of us use all 8 digits?  The most common number of digits in a pin, overwhelmingly is 4.  Of that, many are 0000, 1111 or 1234 or the 4 corners, etc.


So the only thing that stands in the way of completely bypassing AES 256 encryption and simply copying the data through the USB cable is one in 9,000 combinations of 4 digits, how many bits of encryption is that?  Certainly NOT 256 bits.



Choosing the easy way is not a flaw of the encryption feature nor of Motorola's explanation of how the encryption works.  These are user choices, and it is still up to the user to take responsibility for how they use the tools available to them.


The original assertion [which I fully support] was that there is a lack of documentation on how Motorola encryption works so that the user can make informed choices.  What users choose to do once they are armed with a full explanation of the Motorola encryption feature is up to the user.  


Certainly, suggestions on how to make the encryption feature more user-friendly are very helpful, but exploration of user nonchalance or user negligence is a waste [here in the forums] as it is not something that Motorola can fix.


I hope you don't feel like I am shooting you down--especially since I have learned a lot from just a few of your posts--but here in the Motorola forums I think it most beneficial for us to focus on how to make the Motorola encryption feature easier to understand so users can make informed choices about keeping their data safe and accessible.

Comment in the spirit of COMMUNITY: "Share experiences / expertise, engage in the discussions, and offer advice and suggestions."
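An added illustration of the two key-handling models discussed in this thread, not Motorola's code and not written by any poster. It contrasts a key that exists only in the phone's key store (lost on factory reset, unreadable on another phone) with a key derived from a password. The `Phone` class, the `password_*` functions, the PBKDF2 derivation and the SHA-256 keystream standing in for AES-256 are all assumptions made for the sketch.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in for AES-256, not the phone's cipher
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key: the card contents are unreadable
    return bytes(c ^ s for c, s in zip(body, _stream(key, nonce, len(body))))

class Phone:
    """Hypothetical model of the "Device" option: the key lives only in the phone."""
    def __init__(self):
        self.keystore_key = os.urandom(32)  # auto-generated, never leaves the device
    def factory_reset(self):
        self.keystore_key = os.urandom(32)  # old key is gone; the screen-lock PIN plays no part
    def write_card(self, data):
        return seal(self.keystore_key, data)
    def read_card(self, blob):
        return unseal(self.keystore_key, blob)

def password_write(password, data):
    """Assumed model of the "Password" option: key derived from the password."""
    salt = os.urandom(16)  # stored on the card beside the data
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt + seal(key, data)

def password_read(password, blob):
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), blob[:16], 100_000)
    return unseal(key, blob[16:])

def demo():
    phone, photo = Phone(), b"constructed sample: birthday video"
    card, portable = phone.write_card(photo), password_write("constructed-pw", photo)
    readable_before = phone.read_card(card) == photo
    lost_on_other_phone = Phone().read_card(card) is None
    phone.factory_reset()
    lost_after_reset = phone.read_card(card) is None
    return (readable_before, lost_on_other_phone, lost_after_reset,
            password_read("constructed-pw", portable) == photo)
```

In this model the device-bound card can only be saved by copying the files off through the phone before the reset, which matches the factory-reset warning text quoted above.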
FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 992
Message 20 of 63

Re: SD card encryption issue?

I appreciate your desire to stay focused on improving.  I don't see you as shooting me down.  I don't take things like this personally on forums.  It is almost always not meant to be an attack and yet people get bent out of shape and things deteriorate from there.


As for the lazy screen lock issue, I suppose having a maximum of 8 digits to unlock the phone will provide a certain higher level of protection than a 4 digit pin (though my point was valid).  Still, it is ludicrous to place a 256 bit encryption algorithm behind an 8 digit pin that once entered allows complete access to the data with 256 bit encryption enabled.  That's like putting a $20 Masterlock on a bank vault.  Who is going to bother tunneling under or trying to break through the 1 foot thick steel walls, instead they'd simply cut the lock.


Frankly my motivations are the same as yours.  I am just frustrated because I see this being a slippery slope for anyone who considers using it and isn't as anal as I (or many of you on the forums) am/are.  One of the points I made is really the most obvious and risky part of this...technicians walking end users through a full factory reset.  This is exactly what happened to the OP on our forum and why we were working so hard to hopefully find a viable solution for her.  She is a victim, not so much of her nonchalance or negligence but of her trusting an ill-advised technician and falling victim to the lack of education in the implementation of encryption and risks of factory reset to that data.


I also believe that if she really understood just what little that encryption DID afford her in terms of protection, she would have never decided to utilize it. It's a great tool for IT departments to prevent sensitive data from being copied off an SD Card that's been encrypted, but what about USB transfer?  If the data is encrypted, it can still be transferred via USB, and once transferred is decrypted in the process so it will no longer be encrypted.


I agree completely that the lack of documentation of how it works is the deepest root of the problem.  I am the type of user who will study instructions and make informed decisions.  I almost never call technical support and when I do, it's after an exhausting process of troubleshooting, process of elimination and aggressive research, and even I had a failure of the encryption.  I had a card that I installed encryption on as a test, and then I moved only one file to that card to test, and then turned off encryption and removed that card, and yet it didn't encrypt the file.  My intention was to try to use a third party AES 256 tool to "decrypt" it, but never got that far.  Instead, the file was viewable on a PC with a card reader, but when the card was reinserted into the phone it kept asking for the password even though the file didn't encrypt.  Even after a format of the card, the phone still wanted the password immediately upon insertion of the card before it would proceed.  I wound up having to do a factory restore in order to get this resolved.


This process is so confusing and risky and lacking of definitive and complete information that in order to experiment with it, you really need a blank phone with no personal data on it, and LOTS of time on your hands to try different options, test the results, factory reset and start over again.  I have a new phone coming and will be giving it a full work-out with encryption to see just what the real results are.  I hope to build a matrix of what works how and what doesn't, and will post it once compiled.  In the meantime, if anyone asks about encryption my standard response will be to stay away from it like the plague.