2

Does a factory reset protect against malware?

asked 2020-01-20 11:48:50 +0200

Hey there,

I bought a used phone with preinstalled SFOS, and just out of curiosity:

Does a factory reset protect me against preinstalled malware on the phone?


3 Answers

10

answered 2020-01-20 12:29:56 +0200

DrYak

A factory reset:

  • on devices that use BTRFS (e.g.: original Jolla Phone 1), will simply delete the current BTRFS subvolumes (@ and @home) and will make a new snapshot from a reference factory snapshot (factory-@, factory-@home). After that, it will reflash the firmware version from that snapshot (from /boot subdirectory) into the boot and driver partitions. Alien-dalvik needs to be re-downloaded from Jolla Store.

  • on LVM+EXT4 devices (e.g.: Sony Xperia devices), the reset will overwrite the home and root partition with reference partition image stored in /fimage. Boot and driver firmware partitions will be left untouched, same as the /opt/alien partition (you need to redownload alien-dalvik from store to override).

So at best, it returns the device to a more pristine state.

But in practice you shouldn't trust a compromised device. You can't be sure if a virus-infected device will actually do a real factory reset, or if it will only pretend to do so and actually stay infected.

Best way is to put the phone in USB Fastboot, and overwrite everything from here (including reflash of kernel and drivers).


Comments

2

Thx for the good answer.

and overwrite everything from here.

Means ... proceeding like described in the install instructions of SFOS, going from '6.'?

Or will there be the need for additional knowledge which is not stated in the instructions?

BlaeX ( 2020-01-20 12:44:58 +0200 )
2

Yup, do the whole install: including reflash boot kernel, Sony drivers, and Sailfish partition.

And then redownload Aliendalvik from the Jolla Store to overwrite /opt/alien/system.img

DrYak ( 2020-01-20 15:01:50 +0200 )

@DrYak by "reflash sony drivers" do you mean reinstall Android and then back to a fresh Sailfish installation?

Spark ( 2020-03-02 21:33:04 +0200 )

Sony driver = the blob package that contains all the proprietary firmware to make the phone work (mostly GPU drivers). That is the firmware package you were asked to download from Sony's Opendevices website as part of the flashing of Sailfish OS.

  • if you re-run the Sailfish OS installation script, it will get flashed as part of the installation procedure.
  • in theory, yes, if you re-install Android, that firmware partition will also get re-written as part of the Android installation (except you'll probably end up with the wrong version as Sailfish OS still relies on firmwares for Android 6 and 8 for Xperia X and XA2 respectively, whereas Sony has moved on to Android 9 by now. So you'll need to reflash the older Sony firmware blob as part of the Sailfish installation anyway).

TL;DR: You can skip re-installation of Android (but that should work too).

DrYak ( 2020-03-03 18:37:56 +0200 )
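
An added example, not part of the thread and not Jolla's or Sony's tooling: a host-side check that compares dumps of the partitions a factory reset leaves untouched (boot, driver firmware, /opt/alien) with the reference images they were flashed from. It assumes raw (non-sparse) images and dumps taken from a trusted environment; the labels and file names are hypothetical. Because a partition is usually larger than the image written to it, only the image-length prefix of each dump is hashed.

```python
import hashlib
import os
import tempfile

# Assumption: dumps were read out from a trusted environment, not by the
# running (possibly compromised) system, which could return clean data.
CHUNK = 1 << 20  # read in 1 MiB blocks so large dumps are not loaded into memory

def sha256_prefix(path, length):
    """SHA-256 of the first `length` bytes of `path`; None if the file is shorter."""
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining:
            block = f.read(min(CHUNK, remaining))
            if not block:
                return None
            digest.update(block)
            remaining -= len(block)
    return digest.hexdigest()

def check_partition(dump, reference):
    """Compare a partition dump with the raw reference image written to it."""
    ref_len = os.path.getsize(reference)
    if ref_len == 0:
        return "empty-reference"  # an empty reference would "match" any dump
    dump_hash = sha256_prefix(dump, ref_len)
    if dump_hash is None:
        return "too-short"  # dump smaller than the image: truncated or wrong file
    return "match" if dump_hash == sha256_prefix(reference, ref_len) else "MISMATCH"

def audit(pairs):
    """pairs: {label: (dump path, reference path)} -> {label: verdict}"""
    return {label: check_partition(d, r) for label, (d, r) in pairs.items()}

if __name__ == "__main__":
    # Constructed sample data standing in for real dumps and vendor images.
    tmp = tempfile.mkdtemp()
    def write(name, data):
        path = os.path.join(tmp, name)
        with open(path, "wb") as f:
            f.write(data)
        return path
    ref = write("boot_ref.img", b"KERNEL" * 1000)
    clean = write("boot_dump.img", b"KERNEL" * 1000 + b"\x00" * 4096)  # padded partition
    altered = write("oem_dump.img", b"KERNEL" * 999 + b"KERNEX" + b"\x00" * 4096)
    print(audit({"boot": (clean, ref), "oem": (altered, ref)}))
```

A "match" only covers the bytes of the reference image; anything stored past that length in the partition is not examined.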
2

answered 2020-01-20 13:04:06 +0200

0xe4524ffe

updated 2020-01-20 13:05:00 +0200

No, it doesn't; it's somewhat easy to compromise a factory reset by modifying the factory reset image or putting malware in a partition that wouldn't be wiped.

The most you can do is reflash everything in fastboot mode, though it won't get rid of malware if it modified the bootloader, for example, but there is an extremely low possibility of such malware existing, because almost nobody knows how those bootloaders work IMHO.


Comments

As the question has been posed with a hypothetical paranoid eye, one should also consider that malware could have been pushed to the baseband section of a phone (the part that handles the GSM/3G/4G communication) where it is extremely difficult to detect and to eradicate, due to the fact that very little is known about those chipsets, they are running opaque 'blobs' of closed-sourced code, and they are essentially independent of the main processor that runs e.g. SFOS.

simosagi ( 2020-01-21 00:52:39 +0200 )

@simosagi Qualcomm modems that are integrated in SoC probably don't have any writeable memory that can persist after device poweroff. If they had one, it wouldn't be necessary to load firmware for modem initialization.

0xe4524ffe ( 2020-01-21 01:08:36 +0200 )
1

answered 2020-01-20 12:03:55 +0200

NexionTech

How can you tell you've gotten malware?


Comments

4

Can't tell, and I don't suspect it. The question is just hypothetical // out of paranoia. Is there a (known) possibility for software to survive a factory reset?

BlaeX ( 2020-01-20 12:10:24 +0200 )
1

Well... in theory it should because you "erase all data", but if the "malware" gets into your CPU or such, a reset won't help. Just don't click on "stupid ads" or suspicious links and you should be fine from malware/viruses.

NexionTech ( 2020-01-20 12:12:58 +0200 )

Stats

Asked: 2020-01-20 11:48:50 +0200

Seen: 724 times

Last updated: Feb 03 '20