Ask / Submit
14

Sailfish X protecting private data

asked 2017-08-29 14:17:25 +0200

Nekron gravatar image

Dear all,

with the rise of Sailfish X a concern about private data security came into my mind. As we have to unlock the bootloader to install the OS a thief would be able to flash custom recovery and get hold of the user data partition.

What countermeasurements are on the roadmap to make this impossible (LUKS, FUSE (encFs, cryptoFs...))?

edit retag flag offensive close delete

Comments

If you lose your phone I'm not sure how anyone else is meant to be able to offer protection ideas to combat that, how else could they flash anything? Am I missing something? I wouldn't put any info on my phone like stored card numbers etc, if someone steals your phone they're gonna get what? email/pass combo's/ login details? If you unlock the bootloader to install, like I'll have to if I buy one to flash SFOS on, I just take it that this is the chance I have to take to get what I want on the phone, wouldn't this be the same scenario on any phone?

davekelly ( 2017-08-29 14:38:34 +0200 )edit
2

@davekelly The iPhone has for some time had some pretty tough protections with device memory encryption using a secure enclave. The only currently working ways to get data off a locked iPhone is a pretty impractical passcode brute force hack that requires you to solder the NAND flash chips off the board and something referred to as "rubber hose cryptoanalysis".

Android also offers something similar, but from what I've gathered it's not as involved and while not trivial, it's much easier to crack than the protection on recent iPhones.

L_A_G ( 2017-08-29 15:12:30 +0200 )edit
1

@davekelley i think the answer is more obvious and easier to implement than you think. Apple has successfully worked with backup encryption, whole drive encryption, and with the new high Sierra file system, individual file transfer encryption.

What Jolla can do is simply encrypt the user partition using the same passcode you use to unlock your phone for example (to combine ease of use and security).Now loose your phone and the data on it is useless unless for some dedicated and persistant hackers maybe.

DarkTuring ( 2017-08-29 18:59:49 +0200 )edit

1 Answer

Sort by » oldest newest most voted
16

answered 2017-08-29 19:21:07 +0200

If you take a look at the translations for 2.1.2 which is now in CBeta release at the moment, you will see that Jolla is working on full device encryption.

Not sure if it lands in 2.1.2 though...

edit flag offensive delete publish link more

Comments

1

+1 for full device encryption! Good to know they are working on this as going the OS vendor road any future unlocked device will have this security issue.

Nekron ( 2017-08-30 12:47:32 +0200 )edit
Login/Signup to Answer

Question tools

Follow
7 followers

Stats

Asked: 2017-08-29 14:17:25 +0200

Seen: 686 times

Last updated: Aug 29 '17