With the help of 3 critical vulnerabilities left by Tinno. If an attacker manages to get a physical access to your device, he has multiple ways to get your data. Let's assume as a hypothesis that the device is protected by a PIN code and the developer options are disabled 2/
-
Show this thread
-
1st scenario: 1. Reboot in bootloader mode 2. fastboot oem unlock-tinno Thanks to this backdoor aka "forgotten" fastboot command, you can unlock the bootloader without wiping your data
3/pic.twitter.com/ngRjQ7stHn
2 replies 5 retweets 22 likesShow this thread -
As the phone bootloader is unlocked when a thief gets their hands on it, they can boot a custom recovery environment. From the recovery mode, they could use the adb command to access all the data on your device. This bypasses any PIN or password used to secure your device. 4/
2 replies 1 retweet 10 likesShow this thread -
Replying to @fs0c131y @WikoMobile and
Is /data not encrypted on these phones?
1 reply 0 retweets 0 likes -
Replying to @MishaalRahman @WikoMobile and
I didn't test for /data in this usecase but I just checked and encryption is not enabled on the device I have. I didn't modify it so I guess it's the default value.
1 reply 0 retweets 0 likes -
Replying to @fs0c131y @WikoMobile and
If /data is encrypted then even with an unlocked bootloader without wiping data the data would be secure
1 reply 0 retweets 0 likes -
Replying to @MishaalRahman @WikoMobile and
Need to be tested but I'm pretty sure it's not. I manage to get the content of /data/data/<app-name> in clear without unlocking the phone. Only condition in this usecase is dev options enabled
1 reply 0 retweets 0 likes -
Replying to @fs0c131y @WikoMobile and
Did that phone you tested on have a lockscreen password/pin/pattern enabled? The encryption key is generated based on that
1 reply 0 retweets 0 likes -
Replying to @MishaalRahman @WikoMobile and
Yes the phone I tested have a PIN code! Let's assume your device is locked with a PIN/password/pattern and dev options are enabled: 1. Boot your device 2. Plug it 3. adb shell setprop persist.tinno.debug 1 4. adb shell ls /data/data 5. adb pull /data/data/<app-name>
1 reply 0 retweets 0 likes -
Replying to @fs0c131y @WikoMobile and
I'm not sure what Android version that phone is running, but on some older versions it offers to use your PIN on startup (ie. enable encryption). You should verify if encryption is actually enabled.
1 reply 0 retweets 0 likes
It's Android 6.0 http://world.wikomobile.com/m1301-freddy As said, encryption is disabled by default on the device I have so no PIN during the startup
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.