this post was submitted on 13 Sep 2023
112 points (95.2% liked)
Privacy
31973 readers
192 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
With unlocked bootloader you can dump the data and brute force the password. With locked bootloader on pixel devices, you can't even do that.
From what I've read, that doesn't really work - you'd need the encryption key, not the pin/password, because of how the encryption platform works.
Again, it's been a while, and this isn't my field. I just remember being properly surprised at how little I understood - that the pin/password are merely keys to accessing the encryption key, and it's all tied together in validating during hoot. Like you can't image the system and drop it in another phone if it's been encrypted, even if you have the pin - the encryption system on the different hardware would calculate things incorrectly (I did this once, dropped an encrypted image on a duplicate phone. That was fun trying to figure out why it wouldn't work).
There's more to the puzzle that's frankly above my pay grade, but last time I read about how to get into an encrypted phone, (even boot unlocked) required the expertise and tools of certain types of folks. Not your average "haxxor".
Granted, that expertise and those tools are getting closer to us every day...
I thought the security chip was being disabled when unlocking the bootloader but apparently it just skips image validation.
So basically you can flash anything (which kinda is what you want). You could theoretically also modify the system files to being able to bruteforce your pincode.
Unlocking the bootloader also makes your device less secure in other ways. When there's a root exploit in Android verified boof safes you from it being exploited.
Good point about root exploit. It's a potential.
Thing is, every Linux server and windows box suffers the same risk... But we don't hear "the sky is falling" about those... Because it's considered a measured risk and security is layered. As it should be.
Hell, people still run windows laptops unencrypted today - which is far worse than an unlocked bootloader on Android.
But you also don't usually safe your whole identity to the cloud