FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 1,694
Message 31 of 63

Re: SD card encryption issue?

 


D.K. said:


foxkat said:

I agree (and I said so), that backing up to a secure storage such as Box or Dropbox, or another secure cloud based or server based storage is a good safeguard and should be practiced in any case.  However backing up files that can't be decrypted outside of the original device, and can't be decrypted if the device had to suffer a factory reset, or if the device should fail entirely is a wasted exercise.



There is a flaw in this paragraph. You cannot back up files in encrypted form. All encrypted files are viewed as non-encrypted by all applications running on the device. So your cloud app will also back up the content that has been decrypted on the fly. In other words, your data in the cloud will be perfectly readable without the device.


I respectfully disagree.  If this statement is flawed, then why did you refer to the ability to back up "raw" by using the USB cable and doing so in "mass storage mode"?  I never said here that the backing up MUST be done via the wireless connections, although I alluded that it could be an option.  My statement is not flawed unless your previous statement pertaining to "Only "Mass Storage" mode would copy files in "raw" encrypted form." is flawed as well.


 



foxkat said:

In response to your suggestion that this method of protection is "really more of IT/enterprise functionality ", I agree that may have been the intended purpose, but you yourself said that the data can be transferred via USB (as I indicated earlier), and that it would be decrypted in the transfer process to whatever external storage computer location it is attached to, which kind of defeats the purpose of "[protecting] the data from being read by someone who is not authorized to access the system..."



Not true. "authorized" here means "knows the password to unlock the device". You cannot transfer anything over USB until you unlock the device. So again, only authorized user has access to this functionality.


I respectfully disagree.  Authorized does not mean "knows the password to unlock the device", it means "either knows or can determine the password to unlock the device and gain access by any means necessary", especially if the phone is "locked" by something as simple as "0000" or "1234", or any number of other simple pins that we all choose to use to lock our phones.  It is inconvenient for us to remember a 256 bit key, so we use the easy to remember pins to instead make it "inconvenient" for someone who isn't a true threat but simply a nuisance to "pick up our phone and snoop".


That isn't going to keep out the true hacker or someone who is bound and determined to gain access to that valuable information you are carrying around in that pocket computer.  If they want to get to the data, they can go two ways...they can wage an all-out Trillion CPU attack and spend the next Billion years trying to decrypt that data on the card itself (http://www.theinquirer.net/inquirer/news/2102435/aes-encryption-cracked - and that's only 128 bit encryption...), or they can use a jtag interface to crack the screen lock pin (http://forensics.spreitzenbarth.de/2012/02/28/cracking-pin-and-password-locks-on-android/), and gain access to the data in its decrypted form by simply unlocking the home screen.


You see in this situation, it's not WHO (such as the phone's owner or an IT Department) is "authorizing" access, but WHAT (in this case the phone itself) is "authorizing" access, and it's not a question of whether the PERSON (in this case the "unauthorized party") is "authorized" access (by the owner or IT Department again), but whether the PERSON (again "unauthorized party") has the PIN or PASSWORD which GRANTS authorization access, no matter whether they are "authorized" to have it or not.  The rule is "path of least resistance".


 



foxkat said:

Furthermore, if the pin used to access the phone is simply a low level "inconvenience" for someone who wants that data, and once accessed the phone gives you free rein on the data then what is the real benefit to it being encrypted at 256 (actually 254) BIT AES encryption anyway?  Encryption is only as good as the key and if there is a GIANT lock behind a tiny one, and the tiny one is the key to accessing the GIANT one, then that is a flawed design.  SO in fact it IS a problem of the encryption if the encryption's solidarity is depending on the pin to protect it from unfettered reveal.



Analogy with locks is great, but it depends on how you view it. That small lock you mentioned is not encryption. One (like you, who really understands how this works) should distinguish between access to the system, and protection of data at rest. Access to the system is that heavy door, on which user decided to use a small padlock. It's user's choice, and encryption is not involved here at all. What encryption of data at rest does, it protects the content of your house, if attacker somehow was able to get inside without unlocking the door (through the window or down the chimney). And yes, no steel door or bullet-proof windows can protect the sausage in your fridge if you don't lock the door.


Again, I respectfully disagree.  It is true that the small lock is not encryption in the pure sense, although it is stored on the phone in an encrypted fashion so it DOES relate.  Furthermore, your analogy doesn't work.  If the contents of your house are worthless due to encryption (let's say the home self-destructs if an unauthorized entry is detected), then breaking in is futile. However this is not the case, once in, the jewelry (read encrypted data) is sitting on the dresser in a nice neat box  (read available for transfer in decrypted form), and you can pick it up and leave with the spoils (read USB transfer to a portable computer).


EDIT:  I re-read your comment to which I was replying and realize we are on the same page on that point for the most part.  Data that is encrypted if REMOVED from the phone on an encrypted SD card, or if attempted access WITHOUT using the PIN or Password to gain access to the phone by unlocking the screen IS protected.  Furthermore, multiple wrong attempts will result in the phone locking down altogether.  This we are not at odds with.  Where I have my biggest beefs with the encryption are with how easy it is to get past the first line of defense - the screen lock, and then you benefit NONE from encryption as it is there and already decrypted for view.  IF however, once "in", the data STILL needed a KEY, preferably a LONG ASCII KEY, THEN I would feel encryption was doing its job.  You see, in that case the access to AES 256 encrypted data would no longer be SOLELY dependent on the PIN guarding the gates to the castle.  The gates may open (read pin and screen lock), but there's still that Crocodile filled Moat (read AES 256 encryption) that you can't get past in that situation without the bridge (read ASCII KEY).


 


A chain is only as strong as its weakest link.  Your house is only as secure as its weakest door or window.  Your phone is only as secure as its screen lock pin or password, and here is the overlying and all-encompassing comment...data with AES 256 encryption (I don't care if it's AES 1,024 encryption - if there ever is such a thing), which is designed to provide decrypted access to all encrypted data once the screen lock has been entered...is only as secure (encrypted or not) as the PIN or Password used to lock the screen.


I concur on all the remaining points.

D_K_
What's DOS?
Posts: 14
Registered: ‎09-30-2010
Location: United States
Views: 1,694
Message 32 of 63

Re: SD card encryption issue?

Thanks foxkat! Nice reading :), I don't want this thread to become a battle for "hypothetical truth" between us two, so just a couple of quick final comments.



foxkat said:

...I never said here that the backing up MUST be done via the wireless connections, although I alluded that it could be an option.



I'm sorry, this was in response to "..that backing up to a secure storage such as Box or Dropbox, or another secure cloud based or server based storage is a good safeguard and should be practiced in any case." which I thought was specifically about app-based back up, rather than USB Mass Storage Mode. Based on your response I may have misunderstood. Ignore it then.



foxkat said:

I respectfully disagree.  Authorized does not mean "knows the password to unlock the device", it means "either knows or can determine the password to unlock the device and gain access by any means necessary", especially if the phone is "locked" by something as simple as "0000" or "1234", or any number of other simple pins that we all choose to use to lock our phones.  You see in this situation, it's not WHO is "authorizing" access, but WHAT (in this case the phone itself), and it's not a question of whether the PERSON is authorized access, but whether the PERSON has the PIN or PASSWORD which GIVES authorization access, no matter whether they are "authorized" to have it or not....



Authentication and authorization are not the same thing. Anyone who enters "0000" (if this happens to be your password) is authorized to access the system. But no-one is authenticated as "0000" is not highly personalized. So yes, WHO is not tracked here.



foxkat said:

However this is not the case, once in, the jewelry (read encrypted data) is sitting on the dresser in a nice neat box  (read available for transfer in decrypted form), and you can pick it up and leave with the spoils (read USB transfer to a portable computer).



No. In two words: If you're in by means other than front door (lock screen), you will not find the jewelry (data will not be decrypted).


 



foxkat said:

A chain is only as strong as its weakest link.



Well, this is what I said too. Short password is the weakest link. Encryption implementation is not. How to fight the problem of this weakest link - that's a separate discussion (wasn't even in the initial topic btw :)).

FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 1,694
Message 33 of 63

Re: SD card encryption issue?


D.K. said:

Thanks foxkat! Nice reading :), I don't want this thread to become a battle for "hypothetical truth" between us two...


This is a debate, not a battle and anyone that takes it to mean otherwise is unfortunately wrong.  I know you don't see it that way so we're good.


...so just a couple of quick final comments.



foxkat said:

...I never said here that the backing up MUST be done via the wireless connections, although I alluded that it could be an option.



I'm sorry, this was in response to "..that backing up to a secure storage such as Box or Dropbox, or another secure cloud based or server based storage is a good safeguard and should be practiced in any case." which I thought was specifically about app-based back up, rather than USB Mass Storage Mode. Based on your response I may have misunderstood. Ignore it then.


Agreed.



foxkat said:

I respectfully disagree.  Authorized does not mean "knows the password to unlock the device", it means "either knows or can determine the password to unlock the device and gain access by any means necessary", especially if the phone is "locked" by something as simple as "0000" or "1234", or any number of other simple pins that we all choose to use to lock our phones.  You see in this situation, it's not WHO is "authorizing" access, but WHAT (in this case the phone itself), and it's not a question of whether the PERSON is authorized access, but whether the PERSON has the PIN or PASSWORD which GIVES authorization access, no matter whether they are "authorized" to have it or not....



Authentication and authorization are not the same thing. Anyone who enters "0000" (if this happens to be your password) is authorized to access the system. But no-one is authenticated as "0000" is not highly personalized. So yes, WHO is not tracked here.


Can you elaborate?  I think I'm missing the point.  In my interpretation, authentication is synonymous with authorization if the person who has the proper PIN can enter it, since the system will authenticate and thereby authorize.


 



foxkat said:

However this is not the case, once in, the jewelry (read encrypted data) is sitting on the dresser in a nice neat box  (read available for transfer in decrypted form), and you can pick it up and leave with the spoils (read USB transfer to a portable computer).



No. In two words: If you're in by means other than front door (lock screen), you will not find the jewelry (data will not be decrypted).


You may have missed the criteria "once in" as it was implied to mean once you've discovered and entered the proper PIN or Password, so we're basically in agreement here.  I would never imply that "bypassing" the PIN or Password would yield access to the data even if it allowed access to the phone, however this has not yet been proven or disproven.


 



foxkat said:

A chain is only as strong as its weakest link.



Well, this is what I said too. Short password is the weakest link. Encryption implementation is not. How to fight the problem of this weakest link - that's a separate discussion (wasn't even in the initial topic btw :)).


Agreed, but whether or not it was "in the topic" in your mind, or whether it was made clear by either me or SallyC heretofore, it IS in the topic for the purpose of this discussion which is to understand ALL ramifications of encryption on these phones and how to effectively utilize it while being cognizant of the potential pitfalls.  Again, encryption behind a PIN (or Password) which is transparent once that PIN is entered is only as secure as the PIN.



 

D_K_
What's DOS?
Posts: 14
Registered: ‎09-30-2010
Location: United States
Views: 1,694
Message 34 of 63

Re: SD card encryption issue?


foxkat said:

Can you elaborate?  I think I'm missing the point.  In my interpretation, authentication is synonymous with authorization if the person who has the proper PIN can enter it, since the system will authenticate and thereby authorize.


 



Sure. 


Authentication is verification of "you are who you say you are". 


Authorization is verification of "can you access this resource?"


 


So here we're discussing authorization - how well data is protected until "authorized" trigger happens, and how it can be accessed after that.
Authentication, on the other hand (in this context) is a different problem. The only method of authentication we're using here is the password. And the weaker the password, the higher the probability that the user will be authenticated incorrectly (i.e. who enters the password is not the same person who owns the device or acts on his/her behalf).


So all I was saying is that authorization is implemented more or less adequately for the purpose of encryption, but the strength of authentication is largely left for user (or IT) to be handled. Of course it'd be nice if when enabling encryption the device would unconditionally gather your biometrics, generate the encryption key based on that and then always use biometrics to reconstruct the key. So even if you unlock the phone with the password, data would only get decrypted if you.. I don't know, put a drop of your blood in the receiver :). But I don't see this happening.

FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 1,694
Message 35 of 63

Re: SD card encryption issue?

Great information and very helpful for me to even closer align my concerns and understanding with yours.  So authentication is the issue, not authorization, since once authenticated, you are then by way of the permissions specified for your security level, authorized to access said data.  Great!  Got it, right?


As for the drop of blood, it may never get to that but there may very well be something that effectively reaches the same level of authentication via some, less painful and violating method of garnering your DNA.  Until then, perhaps multiple authentication (i.e. fingerprint coupled with iris scan and PIN or Password) is our best line of defense.  Short of that, an 8 digit pin comprised of letters, numbers, and symbols (ASCII or even ASCII Extended), would be the highest level of authentication that the phone will support at the moment, based on what I've read.


Back to the initial subjects at hand which are can the data on the owner's card be recovered in any way, and subsequently can data encrypted in Password mode be decrypted outside the phone, such as with a Windows based tool, and also what is the proper way to implement the encryption to prevent accidentally locking it in encryption forever, never to be decrypted again even with the proper PIN/Password, and even if in the original phone, and even if the phone has not been Factory reset.


Hopefully my experiments today and tonight will shine some light on this, since I now have a replacement Razr MAXX, and will be sending back the Razr, so I will be using the Razr to run these tests.


 


Wish me luck! 8-)
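
The "giant lock behind a tiny one" argument in the posts above (a 256-bit AES key that is released by the lock-screen secret, plus the wipe after repeated wrong attempts), worked through as an added example; it is not code from any poster or from Motorola. PBKDF2 stands in for whatever key derivation the phone really uses, and the policies, guess rate and wipe threshold are assumed values.

```python
import hashlib
import math

AES_KEY_BITS = 256

# Constructed lock-secret policies: name -> (alphabet size, length).
POLICIES = {
    "4-digit PIN": (10, 4),
    "8-digit PIN": (10, 8),
    "8-char printable ASCII": (95, 8),
    "16-char printable ASCII": (95, 16),
}


def secret_bits(alphabet, length):
    """Entropy in bits of a secret chosen uniformly at random.
    Human-chosen PINs such as 0000 or 1234 are weaker than this bound."""
    return length * math.log2(alphabet)


def effective_key_bits(alphabet, length):
    """A key unlocked by a secret is no stronger than that secret,
    and never stronger than the cipher's own key size."""
    return min(AES_KEY_BITS, secret_bits(alphabet, length))


def derive_key(secret, salt, iterations=1000):
    """Stretch the lock secret into a 32-byte key (assumed stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt,
                               iterations, dklen=32)


def reachable_keys(digits, salt, iterations=20):
    """Count the distinct 256-bit keys an all-digit PIN of this length can
    ever produce. The iteration count is kept low only so the demo is fast."""
    return len({derive_key(f"{n:0{digits}d}", salt, iterations)
                for n in range(10 ** digits)})


def expected_seconds(alphabet, length, guesses_per_second):
    """Average time to cover half the secret space when guessing is
    not rate limited (for example, against a copy of the wrapped key)."""
    return alphabet ** length / 2 / guesses_per_second


def lockout_success_probability(alphabet, length, attempts_before_wipe):
    """Chance that on-device guessing hits a uniformly random secret
    before the wrong-attempt limit wipes or locks the phone."""
    return min(1.0, attempts_before_wipe / alphabet ** length)


def report(guesses_per_second=1e4, attempts_before_wipe=10):
    """One row per policy; rate and attempt limit are assumed values."""
    rows = []
    for name, (alphabet, length) in POLICIES.items():
        rows.append((
            name,
            round(effective_key_bits(alphabet, length), 1),
            expected_seconds(alphabet, length, guesses_per_second),
            lockout_success_probability(alphabet, length,
                                        attempts_before_wipe),
        ))
    return rows


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed value for the demo
    print("keys reachable from a 4-digit PIN:", reachable_keys(4, salt))
    for name, bits, seconds, p_lockout in report():
        print(f"{name:26s} {bits:6.1f} bits  "
              f"unthrottled avg {seconds:.3g} s  "
              f"within wipe limit {p_lockout:.2e}")
```

The attempt limit is what keeps a short PIN usable at all: it caps guessing on the device, while the size of the secret space is the only protection once guessing is not throttled.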

Moto Sr Moderator
Moto Sr Moderator
Posts: 13,987
Registered: ‎02-02-2016
Location: US
Views: 1,694
Message 36 of 63

Re: SD card encryption issue?


foxkat said:

Hopefully my experiments today and tonight will shine some light on this, since I now have a replacement Razr MAXX, and will be sending back the Razr, so I will be using the Razr to run these tests.


Wish me luck! 8-)



Wishing you luck, and looking forward to reading the results of the experiments :)


Thanks!

Comment in the spirit of COMMUNITY: "Share experiences / expertise, engage in the discussions, and offer advice and suggestions."
D_K_
What's DOS?
Posts: 14
Registered: ‎09-30-2010
Location: United States
Views: 1,694
Message 37 of 63

Re: SD card encryption issue?


eaccents said:


foxkat said:

Hopefully my experiments today and tonight will shine some light on this, since I now have a replacement Razr MAXX, and will be sending back the Razr, so I will be using the Razr to run these tests.


Wish me luck! 8-)



Wishing you luck, and looking forward to reading the results of the experiments :)


Thanks!



 +1 

FoxKat
Token Ring
Posts: 298
Registered: ‎04-22-2010
Location: United States
Views: 1,694
Message 38 of 63

Re: SD card encryption issue?

Well, first round of testing results are below.  There is LOTS more to do.


Here's what I've found so far:


Files encrypted on the RAZR (newly fastbooted to .173), and with Password encryption, will not read in the RAZR MAXX with no lock screen Password, even though it asks for the Password when the card is inserted.


Files transferred from phone with encryption enabled to PC via USB Mass Storage, USB PC mode, or via Motocast USB will not open on PC, but will open on that phone normally.


Card removed from original phone with encryption and then reinserted into that same phone responds to password on lock screen and files open on that phone normally.


I have been unsuccessful in getting a decrypted copy of the file to the PC from the encrypted phone and card.


I transferred encrypted files to the PC but they would not decrypt with a third-party AES 256 utility.


Those encrypted files then transferred back to the encrypted phone open normally.


If the encrypted card is inserted and the password is bypassed, the card is completely inaccessible (though I did not do a reboot of the phone, so I am still undecided on this).

sallyc1
802.11n
Posts: 172
Registered: ‎11-15-2011
Location: United States
Views: 1,694
Message 39 of 63

Re: SD card encryption issue?


foxkat said:

Well, first round of testing results are below.  There is LOTS more to do.


Here's what I've found so far:


Files encrypted on the RAZR (newly fastbooted to .173), and with Password encryption, will not read in the RAZR MAXX with no lock screen Password, even though it asks for the Password when the card is inserted.


Files transferred from phone with encryption enabled to PC via USB Mass Storage, USB PC mode, or via Motocast USB will not open on PC, but will open on that phone normally.


Card removed from original phone with encryption and then reinserted into that same phone responds to password on lock screen and files open on that phone normally.


I have been unsuccessful in getting a decrypted copy of the file to the PC from the encrypted phone and card.


I transferred encrypted files to the PC but they would not decrypt with a third-party AES 256 utility.


Those encrypted files then transferred back to the encrypted phone open normally.


If the encrypted card is inserted and the password is bypassed, the card is completely inaccessible (though I did not do a reboot of the phone, so I am still undecided on this).



 


Thanks, Foxkat.  Not very good news at all, I'm afraid.  My original post was trying to find help for someone whose phone died or needed a FDR, but it looks like the problems are much more extensive than that.


To restate what I said earlier, which seems even more important now than then: I really hope this thread will raise awareness about this problem and 1) prevent others from using encryption and thinking their data is secure when, in fact, it is highly vulnerable to loss and 2) cause Motorola to change the way they implement AES 256.

appyface
What's DOS?
Posts: 7
Registered: ‎04-18-2012
Location: United States
Views: 1,694
Message 40 of 63

Re: SD card encryption issue?

foxkat's first round of testing echoes my own experience :-(


The discussions in this thread point out many different and completely valid viewpoints regarding security of phone contents, use of encryption, passwords, authorization to access, gaining access, etc. 


Speaking strictly for myself, I am trying to balance a 'reasonable' security effort with practicality.


1. I want my data 'reasonably' secure from unauthorized access should my phone be lost, stolen, or even unable to be reset due to hardware failure, etc.


2. I want to back up and restore my data to same or different phone, should I need to do a factory reset, change my lockscreen password, get a different phone, etc. 


3. I want to transfer select files (such as pictures and videos taken with the phone's camera) at will in an unencrypted state, off the phone to another location (such as to secured FTP server, email to myself or friends, etc.) 


 


Some comments regarding the above. Again I'm speaking only for myself here, YMMV!


* 'Reasonable' is in quotes as this is of course subjective.  For me, leaving the phone unencrypted is not an option.  The unencrypted cards can be physically removed, mounted to another device, and read -- all without knowing the lockscreen password.  No encryption = no protection.


* Any unauthorized access to my phone is most likely to be one of opportunity (lost, stolen, returned to factory without a reset/wipe, etc.) and not because a professional targeted my phone strictly for its contents.  (No state secrets here...)  By using only a (long and PITA) lockscreen password for the encryption key, I know that is not 'strong' protection, but a way to scramble the cards and make accessing the phone enough of a hassle that it will just be reset and formatted and they have a free phone.


* Backup and restore is subjective too.  For me, backing up the phone's settings and preferences is of course quite helpful for convenient quick restoring after a factory reset or to another same model phone. But my REAL goal is to have offline unencrypted copies of my personal data files (documents, pictures, videos, music, etc.) I can restore to same or different phone, or use in my PC (view pictures, play videos and music, read and edit documents, etc.).


* Some items are possibly in a grey area for this type of backup/restore such as contacts stored on the phone, certificate stores and keys, etc.  There are usually ways around not losing those though (store contacts in GMail or other location instead of on phone, or use the backup assistant; certificates and keys can usually be reinstalled with some effort, etc.).


* Transferring select files off the phone in unencrypted state to sFTP or via email is really a "poor man's" backup for me, until I can do a scheduled backup.  Great example are the videos and pictures from my recent trip that I was not able to access. I wouldn't email something sensitive unencrypted, but I do wish I could have emailed myself those pictures and videos unencrypted before I got home.


 


Bottom line for me, and again I'm speaking only for myself...


Unencrypted gives wide open access to the cards in the phone without needing ANY password or even the phone.  So that's not an option for me.  A long PITA lockscreen password as the encryption key is not 'strong', but it does make gaining unauthorized access to the phone or the data just enough trouble that I doubt it would be bothered with -- after some unsuccessful attempts the phone would be reset and the cards formatted.  So I feel I've met my 'reasonable' security balanced with practicality by using only a lockscreen password, with the (now known to be inaccurate) understanding that I can decrypt the data, on the phone or off the phone with some utility, because I can supply the password.


My other goals of balancing security with practicality then are NOT met as long as I'm using ANY method of phone encryption.  I can't transfer encrypted files to an unencrypted state offline (via backup, email, sFTP, etc.) without a huge hassle turning encryption on/off to make the phone write unencrypted copies, etc. and I can't transfer offline unencrypted files to an encrypted state on the cards without the same hassle of making the phone write the files out encrypted.  (One small exception:  Email attachments opened on the phone and then saved to filesystem will be written out encrypted if encryption is on.  Still a PITA.)


 


Seems I'm stuck in that proverbial spot between the rock and the hard place...