
Great piece. Get thee to a "Secure Enclave" supported device, everyone.



John Kelley (@johnhedge), former Apple security engineer, says that Secure Enclave isn't protected against that kind of tampering, so that's not a solution, either. Until manufacturers start going to embedded HSMs, anyway.


Or any rooted Android. Good luck in defeating LUKS. No custom firmwares will help them.


Make sure you set high enough LUKS master key iteration counts, and/or a very complex password, so that they can't image the LUKS header and brute-force your passphrase off-device.
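
Added example, not part of the thread or any commenter's words: a sizing sketch for the trade-off in the comment above, showing how PBKDF2 iteration count and passphrase entropy together set the average off-device search time. It models a PBKDF2 keyslot only (not Argon2, and ignoring the other per-guess work LUKS does), and the attacker speed-up factor is an assumption.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def measure_pbkdf2_rate(hash_name="sha256", probe_iters=200_000):
    """PBKDF2 rounds per second on one core of this machine."""
    start = time.perf_counter()
    # Constructed passphrase and salt; only the timing matters here.
    hashlib.pbkdf2_hmac(hash_name, b"constructed-passphrase",
                        b"constructed-salt", probe_iters, 32)
    return probe_iters / (time.perf_counter() - start)


def expected_years(entropy_bits, iterations, attacker_rate):
    """Average offline search time: half the passphrase space,
    each guess costing `iterations` PBKDF2 rounds."""
    guesses_per_second = attacker_rate / iterations
    return 2 ** (entropy_bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def min_entropy_bits(target_years, iterations, attacker_rate):
    """Smallest whole number of passphrase entropy bits that keeps the
    average search time at or above target_years."""
    bits = 1
    while expected_years(bits, iterations, attacker_rate) < target_years:
        bits += 1
    return bits


if __name__ == "__main__":
    local = measure_pbkdf2_rate()
    # Assumption: the off-device rig is 10,000x faster than one local core.
    attacker = local * 10_000
    print(f"local PBKDF2 rate: {local:,.0f} rounds/s")
    for iterations in (1_000, 100_000, 2_000_000):
        bits = min_entropy_bits(100, iterations, attacker)
        print(f"{iterations:>9,} iterations -> need >= {bits} bits "
              f"of passphrase entropy for a 100-year average search")
```

Each 1000x increase in iterations buys roughly 10 bits of passphrase entropy, which is why the iteration count helps but does not rescue a weak passphrase.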


A rooted Android is even less secure.



A rooted Android is probably easiest to own over the air with a push notification, so yeah, that's a great idea! NOT


Could you expand a little on what you're referring to? Is this a specific vulnerability?


A powered down device rarely has that vulnerability.


A powered down device isn't exactly terribly useful.


You can't send a powered down phone a push notification for post-hoc analysis.

You would have had to know the target and push a vulnerability beforehand, which wouldn't have helped in this case.


So power it on? It will still boot with encryption. Isn't Android encryption an extension of ext4 that only protects some data? It's not full disk / LUKS last I knew.



