Rich Freeman on 6 Sep 2015 07:02:20 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Cheap Nexus 6

On Sun, Sep 6, 2015 at 2:54 AM, brainbuz <> wrote:
> With so many phones coming to market with a fingerprint reader, any smart
> phone that doesn't have one is obsolete junk. PINS and swipes are really
> inconvenient compared to fingerprint and given the personal data thats going
> on phones these days I don't see how a more secure and more convenient means
> of securing the device can be considered optional.

A fingerprint reader only helps with security if the storage is
completely encrypted (both the media/sdcard and data regions) either
using a strong enough key to resist brute-force attacks, or using some
mechanism that ensures a limitation on number of attempts per second.

Chromebooks employ a TPM chip to accomplish the second. The password
you enter is combined with an encrypted key stored on disk, and fed
into the TPM to decrypt using a key stored in the chip.  If the
decryption fails then the password is wrong.  If the decryption
succeeds it yields the strong key used to access the storage contents.
The TPM itself limits the number of attempted decrypts per second (it
is slow), and you can't perform the process without it unless you
extract the key stored inside (and the TPM is engineered to make this
incredibly difficult even for a very sophisticated attacker).

As far as I'm aware Android does not do anything like this - the only
entropy in the system is whatever you enter in your password (which by
default is intended to be a screen lock key you enter all the time),
and there is nothing that guarantees that attacks on the storage will
be rate-limited - you just need to extract the encrypted contents of
the flash chips and attack it with the computer of your choice.

I'd rate Android's data security as pretty casual overall.  I have no
idea how it compares to iOS, but it is nowhere near as strong as
ChromeOS (on a device with a supported TPM - which includes all
commercially-sold machines but not anything you just build yourself).
It doesn't hurt that ChromeOS devices tend to have keyboards which
encourage more complex passwords, but either way an attacker with full
hardware access (including taking the thing apart but not defeating
the TPM) is limited to about 2 attempts per second at most.

Now, maybe with a fingerprint reader you'd be more encouraged to enter
a really long and complex password at boot.  If the thing allows the
first unlock to use the fingerprint then they're storing the password
somewhere and that is another potential vulnerability, depending on
whether it involves a TPM.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --