Jump to content

Can the bootloader be locked?

okayphoneme

By okayphoneme,
in Pro1 - Thoughts & questions

 Share Followers 0

Recommended Posts

mcdinner

mcdinner 375

Posted
Posted (edited)

yes, you can lock it via adb/fastboot.

reboot to bootloader. 

adb reboot bootloader

then you can lock it via fastboot 

fastboot oem lock

this one worked for my actual phone, if it throws an error try one of those 

fastboot oem relock

fastboot flashing lock

if no error occured you can reboot with  

fastboot reboot



but be aware that unlocking the bootloader again will wipe you phone.

Edited by mcdinner
addition
  • Thanks 6
Link to post
Share on other sites
okayphoneme

okayphoneme 28

Posted
  • Author
Posted
37 minutes ago, mcdinner said:

yes, you can lock it via adb/fastboot.

reboot to bootloader. 


adb reboot bootloader

then you can lock it via fastboot 


fastboot oem lock

this one worked for my actual phone, if it throws an error try one of those 


fastboot oem relock

fastboot flashing lock

if no error occured you can reboot with  


fastboot reboot



but be aware that unlocking the bootloader again will wipe you phone.

Awesome, thanks!

Link to post
Share on other sites
silversolver

silversolver 849

Posted
Posted
9 hours ago, okayphoneme said:

I understand that the Pro1 comes with an unlocked bootloader. This is great for installing other operating systems, but leaving the bootloader unlocked is a massive security liability. Is it possible to lock down the bootloader?

How? Are you saying that rootkits/bootkits for Android are a thing? Otherwise, what is the harm? As I see it, the only thing that a locked bootloader hinders is customization.

Link to post
Share on other sites
okayphoneme

okayphoneme 28

Posted
  • Author
Posted
59 minutes ago, silversolver said:

How? Are you saying that rootkits/bootkits for Android are a thing? Otherwise, what is the harm? As I see it, the only thing that a locked bootloader hinders is customization.

The harm is that someone can install stuff on your phone if they have physical access to it. In the past, there have been attacks where crypto keys were recovered from unlocked devices (and locking it would have protected against the attack), for example.

Link to post
Share on other sites
silversolver

silversolver 849

Posted
Posted
1 hour ago, okayphoneme said:

The harm is that someone can install stuff on your phone if they have physical access to it. In the past, there have been attacks where crypto keys were recovered from unlocked devices (and locking it would have protected against the attack), for example.

No one with physical access to my devices is smart enough to install a game since I disable or remove every single Google thing on it, including the store. :O You're worried about so-called "evil maid" attacks, apparently. I'm not worried about that, and would hardly call it a security nightmare under normal usage, but it is nice to know that locking the bootloader is possible for those who wish it. The folks at F(x)tec promised a device that could be customized to virtually anyone's wishes, and they really have delivered. Bravo! Now to get mine........:O Whenever that package arrives it'll be Christmas, my birthday, and payday all at once. :)

  • Like 2
Link to post
Share on other sites
Craig

Craig 1,435

Posted
Posted

I think more likely if a "bad guy" got ahold of my pro1, they'd be more likely to steal it, than install malware on it.

 I've always kept my smartphones unlocked, didn't even know there was any risk involved.  And now that I know there is, I'm willing to take that risk.

It's like that write protect jumper on some pc motherboards for bios; first time I remove it to flash bios, I never bother putting it back, and I'd imagine that's riskier than not relocking android bootloader.

  • Like 1
Link to post
Share on other sites
Zamasu

Zamasu 258

Posted
Posted

Wouldn't simple encryption stop any sort of attack that you could achieve via an unlocked bootloader? You can't change the ROM to something similar but with added software if you can't de-encrypt the current ROM. Best you can do is change it to something similar, but that should be noticed. I don't get how it's an issue.

 

  • Like 1
Link to post
Share on other sites
okayphoneme

okayphoneme 28

Posted
  • Author
Posted

Whenever anyone raises these concerns about security, there are always folks who chime in to say they don't mind the risks, and that is perfectly fine and understandable, and maybe it is a reasonable position to take if you don't put sensitive things on your phone, but I for one care about security and privacy and you need a strong foundation to build these things on.

Encryption only covers user data, not the system files, and as I mentioned above, there are attacks which may be able to extract keys from a device with an unlocked bootloader. Most Android users are using PINs / patterns or weak passwords and so the encryption is worthless to someone with a bit of knowledge and determination.

PCs are of course at risk too, I can't argue with that, but at least I can physically protect my PC and I can encrypt the entire system.

  • Thanks 1
Link to post
Share on other sites
silversolver

silversolver 849

Posted
Posted
On 11/23/2019 at 7:56 AM, okayphoneme said:

Whenever anyone raises these concerns about security, there are always folks who chime in to say they don't mind the risks, and that is perfectly fine and understandable, and maybe it is a reasonable position to take if you don't put sensitive things on your phone, but I for one care about security and privacy and you need a strong foundation to build these things on.

Encryption only covers user data, not the system files, and as I mentioned above, there are attacks which may be able to extract keys from a device with an unlocked bootloader. Most Android users are using PINs / patterns or weak passwords and so the encryption is worthless to someone with a bit of knowledge and determination.

PCs are of course at risk too, I can't argue with that, but at least I can physically protect my PC and I can encrypt the entire system.

The thing that puzzles me is how an attacker would get it away from you long enough to do something with it. If you lost it, the odds of it getting to someone who desired something beyond a free phone is fairly low, and if it's with you, near zero. It's definitely a risk I'm willing to take. Then again, I don't keep much on my phone and don't lock it or my key-in-ignition vehicles or my house because I live in a reasonably safe area, and other people might live in an area where phones are routinely stolen at gunpoint, and have sensitive data on their phone, and feel the need to take additional steps.

If my account starts posting spam suddenly, someone stole my phone. :O

  • Haha 2
Link to post
Share on other sites
netman

netman 1,424

Posted
Posted
5 minutes ago, silversolver said:

The thing that puzzles me is how an attacker would get it away from you long enough to do something with it. If you lost it, the odds of it getting to someone who desired something beyond a free phone is fairly low, and if it's with you, near zero. It's definitely a risk I'm willing to take. Then again, I don't keep much on my phone and don't lock it or my key-in-ignition vehicles or my house because I live in a reasonably safe area, and other people might live in an area where phones are routinely stolen at gunpoint, and have sensitive data on their phone, and feel the need to take additional steps.

If my account starts posting spam suddenly, someone stole my phone. 😮

The FBI arrests you and you have incriminating evidence stored on your phone, if the bootloader is unlocked they will likely not have too much of a hard time to get in.

  • Thanks 1
Link to post
Share on other sites
silversolver

silversolver 849

Posted
Posted (edited)
2 minutes ago, netman said:

The FBI arrests you and you have incriminating evidence stored on your phone, if the bootloader is unlocked they will likely not have too much of a hard time to get in.

Haha, if the FBI wants your data, they'll get it whether the bootloader is locked or not LOL! My strategy is to not do things which would attract their attention. :P

Edited by silversolver
comment
  • Thanks 1
  • Haha 1
Link to post
Share on other sites
netman

netman 1,424

Posted
Posted
2 minutes ago, silversolver said:

Haha, if the FBI wants your data, they'll get it whether the bootloader is locked or not LOL! My strategy is to not do things which would attract their attention. 😛

Well the point is someone could take the phone while you have secrets inside, and if you have the bootloader locked and the filesystem encrypted it may be very hard to get to that data while otherwise it is not.

Link to post
Share on other sites
silversolver

silversolver 849

Posted
Posted
1 minute ago, netman said:

Well the point is someone could take the phone while you have secrets inside, and if you have the bootloader locked and the filesystem encrypted it may be very hard to get to that data while otherwise it is not.

My life is an open book. However, for those who do have a need to keep secret data on their phone for some reason, certainly the steps you suggest might be prudent.

Link to post
Share on other sites
netman

netman 1,424

Posted
Posted
Just now, silversolver said:

My life is an open book. However, for those who do have a need to keep secret data on their phone for some reason, certainly the steps you suggest might be prudent.

I think the majority of people has at least some levels of secret on their phones, ranging from credit card numbers to naughty pictures and passwords.

Link to post
Share on other sites
SteffenWi

SteffenWi 139

Posted
Posted

So, actual question: What exactly is preventing someone from - you know - just unlocking the boot loader after you locked it? Last time I checked all you needed was a code from the company that manufactured the device. Which anyone can get a hold of fairly easily (all you need is the IMEI of the device).

Link to post
Share on other sites
netman

netman 1,424

Posted
Posted
2 minutes ago, SteffenWi said:

So, actual question: What exactly is preventing someone from - you know - just unlocking the boot loader after you locked it? Last time I checked all you needed was a code from the company that manufactured the device. Which anyone can get a hold of fairly easily (all you need is the IMEI of the device).

You have to unlock the phone to unlock the bootloader with  that code (or without, many devices don't need a code). There's no easy way to bypass the lockscreen if it is set up for pattern lock or the likes, at least when the bootloader is locked.

Link to post
Share on other sites
mcdinner

mcdinner 375

Posted
Posted
53 minutes ago, SteffenWi said:

So, actual question: What exactly is preventing someone from - you know - just unlocking the boot loader after you locked it? Last time I checked all you needed was a code from the company that manufactured the device. Which anyone can get a hold of fairly easily (all you need is the IMEI of the device).

Your phone will be completely wiped, so you should recognize if there was some tampering in place.

  • Thanks 2
Link to post
Share on other sites
damion

damion 60

Posted
Posted
On 11/23/2019 at 1:30 PM, Zamasu said:

Didn't know that, I figured full disk encryption is full disk encryption, but apparently Google disagrees. Yeah, then I can see it being a problem.

Your phone has to be decrypted to boot, so it would have to hold the key and essentially be useless if somebody can get to the bootloader.  If the key is your pin, the firmware/os managing that input is vulnerable to evil maid via unlocked bootloader.

These are extremely unlikely to affect many people who keep hold of the device most of the time.  But some people do have things to hide, and should be relieved that they have the option of locking the bootloader.  And that if anyone tries to unlock it it would wipe the phone.

Some companies will not permit you to to sign in with your company credentials unless the phone is running the latest patched OS, will have device policy apps installed and will require a locked bootloader.

  • Like 2
Link to post
Share on other sites
silversolver

silversolver 849

Posted
Posted
48 minutes ago, abielins said:

Just go through US customs. They search and clone phones routinely on a random basis.

The Supreme Court just smacked them down hard on that. I believe that they did the right thing, although many people with whom I generally agree are weeping about it. Funny world....

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 0
Go to topic listing
×
×
  • Create New...

Important Information

Terms

  I accept