Android's flawed factory reset vulnerable to data recovery

Scorpus


According to researchers at Cambridge University, around 500 million Android smartphones are vulnerable to a flaw in the factory data reset function that could allow the recovery of a wide range of data.

Following a series of tests, the researchers estimate that 500 million Android devices don't fully wipe data partitions that contain sensitive data, allowing the restoration of contact and message data from first- and third-party apps. In 80 percent of phones tested, the researchers were able to extract the Google master token after a factory reset, giving them access to Gmail and Calendar data.

The team also estimate that 630 million devices don't wipe SD cards and other places where pictures and videos are stored during the factory reset process. This is concerning for people who sell or give away used smartphones, who might think that sensitive data is removed after a factory reset, when in many cases it's still accessible.

It was also discovered that the flaw in Android's factory reset allows you to recover data with full-disk encryption enabled. During the reset process, the decryption key isn't wiped, and recovery of the "crypto footer" along with this key allows an attacker to crack the encryption offline.

The researchers' experiments focused on 21 devices running Android versions from 2.3.x to 4.3. While Android 4.4 and newer weren't tested, it's "plausible" that devices running these versions of the OS are also vulnerable, according to the team.

One of the reasons why the Android factory reset function doesn't work properly is a lack of drivers that would allow NAND chips to be wiped completely. It's quite difficult to wipe flash storage completely, which is why manufacturers have struggled to implement the factory reset functionality correctly.

While the researchers recommended a series of technical changes be made to the factory reset process in Android to help improve its effectiveness, there's not a whole lot a user can currently do to prevent data recovery. You can fill up the NAND on your smartphone with random files after a factory reset to overwrite free space, but the best method to ensure the safety of your data is to destroy the device completely.


 
Doesn't the 'proper' way of factory resetting an Android smartphone involve turning off the device, then 'press volume up, press home key, press power on button, all at the same time', then selecting 'wipe data/factory reset', and doing it again but selecting 'wipe cache partition' this time?
 
My devices aren't worth much because I keep them for a LONG TIME (in phone speak, that means 1-2 years). So, if I'm worried, have hammer will travel.
 
Interesting. What if the user wipes the device twice and encrypts it both times, will the first crypto footer/key still be recoverable?
 