So I have a debate in my head right now about how I should handle devices stored unattended in vehicles. The criteria:

  • Devices have new versions of Android
  • Passphrases or many-digit PINs are used
  • Biometric login is set up (but can’t be used in Lockdown Mode)
  • Have Bitwarden installed with biometric auth for the vault
  • Have SSH keys on the device

I’m not worried about nation-state attacks, but am considering the vector of a tech-savvy thief, and want to keep SSH keys and other device data secure. Assume they cannot be stored in a vault.

Is storing the phones on but in Lockdown mode enough, or should I turn them off completely? Off would be super annoying to wait for boot every time, but I’m not totally sure how KEK works for an encrypted device with biometrics set up but in Lockdown Mode where they are disabled.

8 points

Lockdown mode takes very expensive equipment to bypass.

When you reboot, the user data encryption key is flushed from memory, and your unlock code is necessary to decrypt the KEK (key encryption key) held by the TPM / SE chip (which also applies rate limiting). All common attacks on unpowered devices are brute force with rate limit bypass.

In lockdown mode the KEK stays in memory so app state and user data are there, but the CPU is in a state which prevents access to it until unlocked with your code. There are a few more attacks possible, but most are completely blocked by the fact that USB data connectivity is also disabled in this state. You practically have to open up the device to pull data out.

TL;DR: no ordinary thief will even try.

The bigger risk is having it stolen while unlocked. Make sure you have revocation options ready for keys held on the device.

3 points

Thank you, this is what I expected, but wanted to be sure. I do have rotation plans in place, so covered there, too.

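Acting on the revocation and rotation points in the two comments above, as an added example that is not part of either poster's comment: a Python sketch that removes a lost device's SSH public key from an OpenSSH `authorized_keys` file by fingerprint. It assumes the device's keys are authorized through such files on the servers they reach; the key blobs and file contents are constructed sample data.

```python
import base64, hashlib, struct

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entry(line: str):
    """Return (fingerprint, comment) for an authorized_keys line, else None.
    Options may precede the key type, so each adjacent field pair is tried and
    accepted only if the blob starts with the length-prefixed key type name."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        name = fields[i].encode()
        if blob[:4] == struct.pack(">I", len(name)) and blob[4:4 + len(name)] == name:
            return fingerprint(blob), " ".join(fields[i + 2:])
    return None

def revoke(text: str, revoked: set):
    """Drop entries whose fingerprint is in `revoked`; return (new_text, removed)."""
    kept, removed = [], []
    for line in text.splitlines():
        entry = None if line.lstrip().startswith("#") else parse_entry(line)
        if entry and entry[0] in revoked:
            removed.append(entry[1] or entry[0])
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

def sample_key(seed: int) -> str:
    """Constructed (not real) ssh-ed25519 public key blob for the demo."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

# Constructed sample file: a laptop key and the phone's key (with options).
PHONE, LAPTOP = sample_key(1), sample_key(2)
SAMPLE = (f"# constructed authorized_keys\nssh-ed25519 {LAPTOP} laptop\n"
          f'restrict,command="backup run" ssh-ed25519 {PHONE} phone-in-car\n')

if __name__ == "__main__":
    new_text, removed = revoke(SAMPLE, {fingerprint(base64.b64decode(PHONE))})
    print("revoked:", removed, "\n" + new_text, end="")
```

Recording each device key's fingerprint when the key is created means the revocation set is already known when the device goes missing.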
7 points

Tech-savvy thieves will just use their knowledge to wipe the phone and flip it quickly for a tenth of what you paid for it; won’t try to extract keys from RAM.


> I’m not worried about nation-state attacks, but am considering the vector of a tech-savvy thief

I’m not an expert in tech, but I’m pretty sure no non-state actors would be able to bypass the security on most modern up-to-date smartphones. Most thieves (even tech-savvy ones) wouldn’t have those advanced Cellebrite devices, which are not only very expensive but are also only sold to verified law enforcement organizations.

> So I have a debate in my head right now about how I should handle devices stored unattended in vehicles. The criteria:

So why are you leaving devices unattended? 🤔

Also, not sure if you know this, or if this is even gonna be useful to you, but there is an app that you can use to wipe the phone if it hasn’t been unlocked for X amount of time, where X is a time you can set. It also has a decoy quick-menu setting that shows as a fake “airplane mode” and triggers a wipe if a thief tries to turn on airplane mode (in order to avoid a remote wipe or getting tracked). It also has an option to trigger a wipe if any data transfer device or cable is plugged in (power charging without data transfer doesn’t count). So I guess you can set it up so that if a thief connects it to a computer, the wipe gets triggered.

It’s called Wasted, available on F-Droid and fully open source (as with all F-Droid apps). It doesn’t even require root or a computer to set up, since it uses the Device Administrator API, which all Android phones have.
