Does a factory reset protect against malware?

asked 2020-01-20 11:48:50 +0300

BlaeX

835 ●23 ●33 ●39

http://www.duckduckgo.com...

Hey there,

I bought a used phone with preinstalled SFOS, and just out of curiosity:

Does a factory reset protect me against preinstalled malware on the phone?

edit retag flag offensive close delete

1

answered 2020-01-20 12:03:55 +0300

NexionTech
11 ●1

how can you tell you´ve gotten malware?

edit flag offensive delete publish link

Comments

4

Can't tell, and i don't suspect it. The question is just hypothetical // out of paranoia. Is there a (known) possibility for software to survive a factory reset?

BlaeX ( 2020-01-20 12:10:24 +0300 )edit

1

well...in theory it should because you "erase all data" but if the "malware" gets in to your CPU or such a reset wont help, just dont click on "stupid ads" or suspisious links and you should be fine from malware/viruses.

NexionTech ( 2020-01-20 12:12:58 +0300 )edit

10

answered 2020-01-20 12:29:56 +0300

DrYak

9624 ●93 ●134 ●128

http://www.sympato.ch/

A factory reset:

on devices that use BTRFS (e.g.: original Jolla Phone 1), will simply delete the current BTRFS subvolumes (@ and @home) and will make a new snapshot from a reference factory snapshot (factory-@, factory-@home). After that, it will reflash the firmware version from that snapshot (from /boot subdirectory) into the boot and driver partitions. Alien-dalvik needs to be re-downloaded from Jolla Store.
on LVM+EXT4 devices (e.g.: Sony Xperia devices), the reset will overwrite the home and root partition with reference partition image stored in /fimage. Boot and driver firmware partitions will be left untouched, same as the /opt/alien partition (you need to redownload alien-dalvik from store to override).

So at best, it returns the device to a more pristine state.

But in practice you shouldnt trust a compromized device. You can't be sure if virus-infected device will actually do a real factory reset, or if it will only pretend to do so and actually stay infected

Best way is to put the phone in USB Fastboot, and overwrite everything from here. (including re flash of kernel and drivers).

edit flag offensive delete publish link

Comments

2

Thx for the good answer.

and overwrite everything from here.

Means ... proceeding like described in the install instructions of SFOS, going from '6.'?

Or will there be the need for additional knowledge which is not stated in the instructions?

BlaeX ( 2020-01-20 12:44:58 +0300 )edit

2

Yup, do the whole instal: including reflash boot kernel, sony drivers, and Sailfish partition.

And then redownload Aliendalvik from the Jolla Store to overwrite /opt/alien/system.img

DrYak ( 2020-01-20 15:01:50 +0300 )edit

@DrYak by "reflash sony drivers" do you mean reinstall Android and then back to a fresh Sailfish installation?

Spark ( 2020-03-02 21:33:04 +0300 )edit

Sony driver = the blob package that contain all the proprietary firmware to make the phone work (mostly GPU drivers). That is the firmware package you were asked to download from Sony's Opendevices website as part of the flashing of Sailfish OS.

if you re-run the Sailfish OS installation script, it will get flashed as part of the installation proceedure.
in theory, yes, if you re-install Android, that firmware partition will also get re-written as part of the Android installation (except you'll probably end-up with the wrong version as Sailfish OS still relies on firmwares for Android 6 and 8 for Xperia X and XA2 respectively, whereas Sony has moved on to Android 9 by now. So you'll need, to reflash the older Sony firmware blob as part of the Sailfish installation anyway).

TL;DR: You can skip re-installation of Android (but that should work too).

DrYak ( 2020-03-03 18:37:56 +0300 )edit

2

answered 2020-01-20 13:04:06 +0300

0xe4524ffe
173 ●3 ●5 ●10

updated 2020-01-20 13:05:00 +0300

No, it doesn't, it's somewhat easy to compromise a factory reset by modifying factory reset image or putting malware in the partition that wouldn't be wiped.

Most you can do, is reflashing everything in fastboot mode, though it won't get rid of malware if it modified bootloader for example, but there is extremely low possibility of such malware existing, because almost nobody knows how those bootloaders work IMHO.

edit flag offensive delete publish link

Comments

As the question has been posed with an hypothetical paranoid eye, one should also consider that malware could have been pushed to the baseband section of a phone (the part that handles the GSM/3G/4G communication) where it is extremely difficult to detect and to eradicate, due to fact that very little is known about those chipsets, they are running opaque 'blobs' of closed-sourced code, and they are essentially independent of the main processor that runs e.g. SFOS.

simosagi ( 2020-01-21 00:52:39 +0300 )edit

@simosagi Qualcomm modems that are integrated in SoC probably don't have any writeable memory that can persist after device poweroff. If they had one, it wouldn't be necessary to load firmware for modem initialization.

0xe4524ffe ( 2020-01-21 01:08:36 +0300 )edit

Does a factory reset protect against malware?

3 Answers

Comments

Comments

Comments

Question tools

Stats

Related questions

Does a factory reset protect against malware?

3 Answers

Comments

Comments

Comments

Question tools

Public thread

Stats

Related questions