Ask / Submit
8

Panic Data Wipe.

asked 2017-08-31 04:47:01 +0300

DarkTuring gravatar image

I am proposing a new security feature, from the phone lockscreen enter a secret passcode (setup in settings) other than the phone unlock code and hold the power button, or volume down button, and the phone will immediatelly run a script off of memory to overwrite 1-2 times with 0 and 1s the user, then the system phone data, including SD card, maybe leave recovery partition alone.

So when the police, or corrupt government is bangingbdown your door you can quickly and efficiently limit your exposure to disclosure.

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
11

answered 2017-08-31 07:50:42 +0300

juiceme gravatar image

updated 2017-08-31 07:51:19 +0300

Very good idea, however there are some problems associated with such wiping;

  1. I did some experiment on pattern-writing full flash memory on N9 a few years ago, and it takes surprisingly long time to walk through the whole memory. Now I cannot find the TMO article where I had the results any longer but if I am not mistaken it was almost an hour to fully fill the 64GB memory... Jolla sbj1 has only 16GB but still, you might want to run this on newer SFOS devices too.
  2. Flash memory is not really organized internally like the driver interface presents it to you. In reality there are eraseblocks that are recycled into and out of use by chip-internal algorithms for wear-leveling purposes, and also there are more than the shown amount of blocks, so that worn-out blocks can be marked bad and set aside, replaced by fresh ones. What this means is that by erasing a block you might actually be given a fresh block and the old one remains there without being touched...

What I'd propose is to wait for Jolla to implement full-device encryption (or home directory encryption which would be as usable). This seems to be in the works and hopefully will be available in some future release.

When device content is encrypted then you don't need to wipe the device at all to be secure, all you need to do is to wipe the encryption keyfile which is just few kilobytes in size. This is the method that for example Apple uses by default.

edit flag offensive delete publish link more

Comments

Perfect then, i suggest the panic option on the volume encryption keyfile, same methodology: 1. press power or volume down 2. while entering emergency code say, 1234 3. then wipe amd overwrite the keyfile, 4. Maybe have a way to save the keyfile if you ever wanted access back, say on another encrypted laptop volume.

DarkTuring ( 2017-08-31 19:48:03 +0300 )edit

Well, everybody should have an up-to-date automatic backup all the time; for example I run a cronjob every night to rsync my devices home directory to my server. This way I could wipe everything and still have few hours recent backup at home.

juiceme ( 2017-08-31 21:39:09 +0300 )edit
Login/Signup to Answer

Question tools

Follow
4 followers

Stats

Asked: 2017-08-31 04:47:01 +0300

Seen: 313 times

Last updated: Aug 31 '17