
Factory Reset Protection: a new approach to protecting personal data in Android

The sixth version of Android from Google, the most popular and in-demand operating system in the world, brought a number of improvements that were described in detail at its announcement and launch. It also contains at least one interesting and, more importantly, useful security option that was not widely discussed.



Every year, phones and tablets become more technically advanced and can perform more and more tasks. Initially, the most valuable data on a device were SMS messages and contacts, less often notes or files. Now, when a device that its owner uses "to the fullest" is lost, an attacker can get contacts, messages, photos, application passwords, bank card data and access to the card, cloud storage, corporate mail and files. In short, a lot of personal and valuable information that can be used for all sorts of abuse, ranging from pranks to fraud and extortion.

Factory Reset Protection, or FRP, in Android M makes the device an order of magnitude more secure if it is stolen or lost for another reason, while remaining virtually invisible to the device owner.

How does factory reset protection work?


As mentioned earlier, this function does not complicate the device owner's life in any way. All that needs to be done to activate it on, for example, Huawei's Nexus 6P is to enter your Google account credentials on the phone when you first start it, and to set any type of password protection against unauthorized unlocking.


Chic Nexus 6P from Huawei

Separately, it is worth noting that the way this function is activated may differ between manufacturers: on Samsung devices based on Android 6, the option is in the Samsung account settings.


Equally chic Samsung S7 Edge

To understand how this helps in real life, consider the loss of a phone protected with FRP and a password. The attacker has the phone but cannot guess the password (of course, you should not set the password to 1234 if there is anything valuable on the phone). If the purpose of the theft is the data itself, the next steps are flashing a custom Recovery or flashing software without erasing userdata. The first will not work because of the default bootloader. In the second case, the phone will demand network access as soon as it is turned on and ask for the username and password of the Google account that was used before these operations; until that is done, it is impossible to get through the phone setup.

Surely there are readers who are well versed in Android, and they will say that you can flash custom, that is, unofficial, software without Google services at all, or do a full memory format before flashing. Google has provided for this: the first is again impossible with a locked bootloader, and the second will not work.

Thus, any action aimed at resetting data or changing the software will result in a request for the e-mail address and password of the account that was signed in before those actions were performed.

How does it work?


When the conditions for activating FRP are fulfilled, the verification data is placed in the memory section that is used to store the calibrations of the radio part of the device. The trick is that this area is write-once memory. It is therefore simply impossible to overwrite or replace the data without an extremely serious effort, which would consist of desoldering the memory modules and fighting the new Android cryptography. In all other cases, the attacker ends up with a phone that has no data on it and that he cannot even use.

iCloud activation lock vs. FRP - who is better?


The pioneer of such a mechanism was Apple with iCloud activation lock, so the description would be incomplete without a comparison: Google's solution came out later, and certainly not without a look at the competitor.


In the latest versions of Android and iOS, the user is asked to create a password by default, but it is not mandatory, so there is parity.


Here, the Apple product will explicitly ask you to disable the option that prevents re-activation only when flashing through a PC / Mac from a non-DFU mode; otherwise it is assumed that only the owner of the device can enter the password and reach the reset menu. Android never warns in any way that something is activated during a reset. In terms of security this is a plus; in terms of surprises and usability, a minus.


In iOS, the beginning and end of the e-mail address that was used on the device before the reset are shown; in Android they are not. On the one hand, hiding the address is a plus for security. On the other hand, showing it leaves at least a tiny chance of removing the lock yourself if the device was handed over to you for use, or if it fell victim to children's experiments.



Of course, any or almost any protection can be cracked or circumvented; it is only a matter of need and of the resources available to solve the problem. But it is worth remembering that when Apple introduced this protection, the number of iPhone thefts dropped sharply, because stripping a phone for parts is too specific and nontrivial a process for an attacker. If this mechanism leads to the same trend once Android M is more widespread on the market, that will be a big victory.

Those who plan to hand over their Android M device for permanent use to children, a colleague or relatives, or simply to sell it, should remember that in order to deactivate FRP you must delete the accounts from the corresponding menu before resetting the settings, and also clear the data in the "Security" menu.
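The pre-handover check described above can be scripted. The following is an added example, not part of the original article: it parses the account list printed by `adb shell dumpsys account` and reports any Google account still on the device. The sample dump is constructed, and the assumptions are that the accounts appear in the `Account {name=..., type=...}` form and that only the `com.google` account type matters; vendor account types can be passed in via `frp_types`.

```python
import re

# Assumed line format: Android's Account.toString(), as printed by
# `adb shell dumpsys account`.
ACCOUNT_RE = re.compile(r"Account \{name=(?P<name>[^,}]*), type=(?P<type>[^}]*)\}")

# Constructed sample output (not captured from a real device).
SAMPLE_DUMP = """\
User UserInfo{0:Owner:13}:
  Accounts: 2
    Account {name=owner@example.com, type=com.google}
    Account {name=owner, type=com.example.notes}
"""


def parse_accounts(dump):
    """Return unique (name, type) pairs in the order they appear in the dump."""
    seen = []
    for match in ACCOUNT_RE.finditer(dump):
        pair = (match.group("name").strip(), match.group("type").strip())
        if pair not in seen:  # the same account can be listed more than once
            seen.append(pair)
    return seen


def frp_blockers(dump, frp_types=("com.google",)):
    """Accounts that would still be asked for after a factory reset."""
    return [acc for acc in parse_accounts(dump) if acc[1] in frp_types]


def safe_to_reset(dump, frp_types=("com.google",)):
    """True only when no FRP-relevant account remains on the device."""
    return not frp_blockers(dump, frp_types)


if __name__ == "__main__":
    for name, acc_type in frp_blockers(SAMPLE_DUMP):
        print(f"remove before reset: {name} ({acc_type})")
    print("safe to reset:", safe_to_reset(SAMPLE_DUMP))
```

On a real device, the input would be the saved output of `adb shell dumpsys account` taken with the handset unlocked by its owner.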

What is the result?


It is very nice that Google, even if not publicly and without great fanfare (which would have been logical and quite justified), has seriously taken on the protection of users' personal data, a great deal of which is stored in the company's services. FRP may not be an ideal protection system, but for most situations its capabilities, coupled with the emergency ability to remotely control an Android device, should suffice for most

Source: https://habr.com/ru/post/393373/

