So, since I have some security bypass 0day for Android 5.0, then no, a powered up device is NOT safe using this algorithm ;)
On Mon Nov 03 2014 at 11:20:49 PM 'Shawn Willden' via Android Security Discussions <[email protected]> wrote:

> On Sat Nov 01 2014 at 3:09:23 PM Tal Palant <[email protected]> wrote:
>
>> I looked there and many more resources on Android encryption and couldn't
>> find the answer, that's why I'm asking here.
>
> From the documentation link Jeff provided: "The actual encryption used for
> the filesystem for first release is 128 AES with CBC and ESSIV:SHA256".
>
> That's the answer. It uses CBC with ESSIV, not XTS.
>
> Here's confirmation from the source:
> https://cs.corp.google.com/#android/system/vold/cryptfs.c&q=cryptfs.c&sq=package:%5Eandroid$&l=3093
>
> CBC with ESSIV does have a malleability issue, allowing an attacker to
> modify known-plaintext sectors, setting every other block to an
> attacker-chosen value (and making the remaining blocks random). So in the
> event someone obtains your phone they can modify data on it to chosen
> values, presumably to some values which will cause it to misbehave in some
> way useful to them when you get it back and start using it. However, if
> they can do that they could also just change the software on the system
> partition, which would be a much easier and more effective exploit.
>
> Android FDE is intended to preserve the confidentiality of your data in
> the event someone obtains your powered-down[*] device. It is not secure
> under a threat model that assumes the attacker can make arbitrary
> modifications to device storage without your knowledge and then return it
> to you. This would be the case with XTS as well.
>
> [*] It should also be able to maintain confidentiality in the event
> someone obtains your powered-up but locked device, but only if there are no
> exploitable vulnerabilities that allow the lock screen to be bypassed. I
> should point out that security is dependent on the choice of a
> sufficiently-strong password, which hardly anyone uses.
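The malleability described in the quoted message, as an added example that is not part of the original thread: one known-plaintext block in a CBC-ESSIV sector is changed without the key, the block before it decrypts to garbage, and decryption reports no error, which is why this mode gives confidentiality but not integrity. A 16-byte Feistel cipher built from SHA-256 stands in for AES (an assumption, so the block runs with the standard library only); the key, sector number and plaintext are constructed.

```python
import hashlib

BLOCK = 16  # bytes per cipher block, as with AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function (toy stand-in, NOT AES)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def essiv(key, sector):  # IV = E_{SHA256(key)}(sector number)
    return enc_block(hashlib.sha256(key).digest(), sector.to_bytes(BLOCK, "little"))

def encrypt_sector(key, sector, pt):
    prev, out = essiv(key, sector), b""
    for i in range(0, len(pt), BLOCK):
        prev = enc_block(key, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def decrypt_sector(key, sector, ct):
    prev, out = essiv(key, sector), b""
    for i in range(0, len(ct), BLOCK):
        out += xor(dec_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def modify_without_key(ct, idx, known, wanted):
    # XOR (known ^ wanted) into ciphertext block idx-1; the key is never used
    start = (idx - 1) * BLOCK
    return ct[:start] + xor(ct[start:start + BLOCK], xor(known, wanted)) + ct[start + BLOCK:]

# Constructed sample data: key, sector number 7, four-block plaintext
KEY = b"constructed-key!"
PLAIN = b"".join(bytes([65 + i]) * BLOCK for i in range(4))
TAMPERED = modify_without_key(encrypt_sector(KEY, 7, PLAIN), 2, PLAIN[32:48], b"X" * BLOCK)
RESULT = decrypt_sector(KEY, 7, TAMPERED)  # decrypts without any error
```

Blocks 0 and 3 of `RESULT` are unchanged, block 1 is scrambled and block 2 holds the substituted value; catching this requires an integrity check outside the cipher mode.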
