okayphoneme, posted November 22, 2019:

I understand that the Pro1 comes with an unlocked bootloader. This is great for installing other operating systems, but leaving the bootloader unlocked is a massive security liability. Is it possible to lock down the bootloader?

mcdinner, posted November 22, 2019 (edited November 22, 2019):

Yes, you can lock it via adb/fastboot. Reboot to bootloader:

    adb reboot bootloader

Then you can lock it via fastboot:

    fastboot oem lock

This one worked for my actual phone. If it throws an error, try one of those:

    fastboot oem relock
    fastboot flashing lock

If no error occurred, you can reboot with:

    fastboot reboot

But be aware that unlocking the bootloader again will wipe your phone.

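The sequence from the post above as a script, added here as an example and not part of the original post: it tries the three lock commands in the order given, then checks what the bootloader reports. It assumes the device answers `fastboot getvar unlocked` or `fastboot oem device-info` (not confirmed for the Pro1 in this thread); `lock_state`, `query_state` and `try_lock` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run with --run while the phone is in
# bootloader mode (after `adb reboot bootloader`). Back up first: unlocking
# again later wipes the phone, as the post says.

# lock_state TEXT: classify captured fastboot output (hypothetical helper).
# Any "unlocked: yes/true" line wins, so a device that reports a locked main
# state but an unlocked "critical" state is still treated as unlocked.
lock_state() {
    printf '%s\n' "$1" | awk '
        { l = tolower($0) }
        l ~ /unlocked: *(yes|true)/ { yes_seen = 1 }
        l ~ /unlocked: *(no|false)/ { no_seen = 1 }
        END {
            if (yes_seen) print "unlocked"
            else if (no_seen) print "locked"
            else print "unknown"
        }'
}

# Ask the bootloader for its state; fastboot prints the answer on stderr.
query_state() {
    state=$(lock_state "$(fastboot getvar unlocked 2>&1)")
    if [ "$state" = "unknown" ]; then
        # Assumption: the bootloader supports this Qualcomm-style command.
        state=$(lock_state "$(fastboot oem device-info 2>&1)")
    fi
    echo "$state"
}

# Try the lock commands from the post, stopping at the first one accepted.
try_lock() {
    for cmd in "oem lock" "oem relock" "flashing lock"; do
        # $cmd is left unquoted on purpose so it splits into two arguments.
        if fastboot $cmd; then
            echo "accepted: fastboot $cmd"
            return 0
        fi
    done
    return 1
}

if [ "${1:-}" = "--run" ]; then
    [ "$(query_state)" = "locked" ] && { echo "bootloader already locked"; exit 0; }
    try_lock || { echo "no lock command was accepted" >&2; exit 1; }
    # The phone may ask for confirmation on its own screen before it locks.
    state=$(query_state)
    echo "bootloader now reports: $state"
    [ "$state" = "locked" ] || exit 1
fi
```
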
okayphoneme, posted November 22, 2019:

37 minutes ago, mcdinner said:
> Yes, you can lock it via adb/fastboot. Reboot to bootloader:
>
>     adb reboot bootloader
>
> Then you can lock it via fastboot:
>
>     fastboot oem lock
>
> This one worked for my actual phone. If it throws an error, try one of those:
>
>     fastboot oem relock
>     fastboot flashing lock
>
> If no error occurred, you can reboot with:
>
>     fastboot reboot
>
> But be aware that unlocking the bootloader again will wipe your phone.

Awesome, thanks!

okayphoneme, posted November 22, 2019:

This should work with any custom ROM, right?

mcdinner, posted November 22, 2019:

yes

silversolver, posted November 22, 2019:

9 hours ago, okayphoneme said:
> I understand that the Pro1 comes with an unlocked bootloader. This is great for installing other operating systems, but leaving the bootloader unlocked is a massive security liability. Is it possible to lock down the bootloader?

How? Are you saying that rootkits/bootkits for Android are a thing? Otherwise, what is the harm? As I see it, the only thing that a locked bootloader hinders is customization.

okayphoneme, posted November 22, 2019:

59 minutes ago, silversolver said:
> How? Are you saying that rootkits/bootkits for Android are a thing? Otherwise, what is the harm? As I see it, the only thing that a locked bootloader hinders is customization.

The harm is that someone can install stuff on your phone if they have physical access to it. In the past, there have been attacks where crypto keys were recovered from unlocked devices (and locking it would have protected against the attack), for example.

silversolver, posted November 23, 2019:

1 hour ago, okayphoneme said:
> The harm is that someone can install stuff on your phone if they have physical access to it. In the past, there have been attacks where crypto keys were recovered from unlocked devices (and locking it would have protected against the attack), for example.

No one with physical access to my devices is smart enough to install a game since I disable or remove every single Google thing on it, including the store. :O You're worried about so-called "evil maid" attacks, apparently. I'm not worried about that, and would hardly call it a security nightmare under normal usage, but it is nice to know that locking the bootloader is possible for those who wish it. The folks at F(x)tec promised a device that could be customized to virtually anyone's wishes, and they really have delivered. Bravo! Now to get mine........:O Whenever that package arrives it'll be Christmas, my birthday, and payday all at once. :)

Craig, posted November 23, 2019:

I think more likely if a "bad guy" got ahold of my pro1, they'd be more likely to steal it, than install malware on it. I've always kept my smartphones unlocked, didn't even know there was any risk involved. And now that I know there is, I'm willing to take that risk. It's like that write protect jumper on some pc motherboards for bios; first time I remove it to flash bios, I never bother putting it back, and I'd imagine that's riskier than not relocking android bootloader.

Zamasu, posted November 23, 2019:

Wouldn't simple encryption stop any sort of attack that you could achieve via an unlocked bootloader? You can't change the ROM to something similar but with added software if you can't de-encrypt the current ROM. Best you can do is change it to something similar, but that should be noticed. I don't get how it's an issue.

okayphoneme, posted November 23, 2019:

Whenever anyone raises these concerns about security, there are always folks who chime in to say they don't mind the risks, and that is perfectly fine and understandable, and maybe it is a reasonable position to take if you don't put sensitive things on your phone, but I for one care about security and privacy and you need a strong foundation to build these things on.

Encryption only covers user data, not the system files, and as I mentioned above, there are attacks which may be able to extract keys from a device with an unlocked bootloader. Most Android users are using PINs / patterns or weak passwords and so the encryption is worthless to someone with a bit of knowledge and determination.

PCs are of course at risk too, I can't argue with that, but at least I can physically protect my PC and I can encrypt the entire system.

Zamasu, posted November 23, 2019:

32 minutes ago, okayphoneme said:
> Encryption only covers user data

Didn't know that, I figured full disk encryption is full disk encryption, but apparently Google disagrees. Yeah, then I can see it being a problem.

silversolver, posted November 26, 2019:

On 11/23/2019 at 7:56 AM, okayphoneme said:
> Whenever anyone raises these concerns about security, there are always folks who chime in to say they don't mind the risks, and that is perfectly fine and understandable, and maybe it is a reasonable position to take if you don't put sensitive things on your phone, but I for one care about security and privacy and you need a strong foundation to build these things on. Encryption only covers user data, not the system files, and as I mentioned above, there are attacks which may be able to extract keys from a device with an unlocked bootloader. Most Android users are using PINs / patterns or weak passwords and so the encryption is worthless to someone with a bit of knowledge and determination. PCs are of course at risk too, I can't argue with that, but at least I can physically protect my PC and I can encrypt the entire system.

The thing that puzzles me is how an attacker would get it away from you long enough to do something with it. If you lost it, the odds of it getting to someone who desired something beyond a free phone is fairly low, and if it's with you, near zero. It's definitely a risk I'm willing to take. Then again, I don't keep much on my phone and don't lock it or my key-in-ignition vehicles or my house because I live in a reasonably safe area, and other people might live in an area where phones are routinely stolen at gunpoint, and have sensitive data on their phone, and feel the need to take additional steps. If my account starts posting spam suddenly, someone stole my phone. :O

netman, posted November 26, 2019:

5 minutes ago, silversolver said:
> The thing that puzzles me is how an attacker would get it away from you long enough to do something with it. If you lost it, the odds of it getting to someone who desired something beyond a free phone is fairly low, and if it's with you, near zero. It's definitely a risk I'm willing to take. Then again, I don't keep much on my phone and don't lock it or my key-in-ignition vehicles or my house because I live in a reasonably safe area, and other people might live in an area where phones are routinely stolen at gunpoint, and have sensitive data on their phone, and feel the need to take additional steps. If my account starts posting spam suddenly, someone stole my phone. 😮

The FBI arrests you and you have incriminating evidence stored on your phone, if the bootloader is unlocked they will likely not have too much of a hard time to get in.

silversolver, posted November 26, 2019 (edited November 26, 2019):

2 minutes ago, netman said:
> The FBI arrests you and you have incriminating evidence stored on your phone, if the bootloader is unlocked they will likely not have too much of a hard time to get in.

Haha, if the FBI wants your data, they'll get it whether the bootloader is locked or not LOL! My strategy is to not do things which would attract their attention. :P

netman, posted November 26, 2019:

2 minutes ago, silversolver said:
> Haha, if the FBI wants your data, they'll get it whether the bootloader is locked or not LOL! My strategy is to not do things which would attract their attention. 😛

Well the point is someone could take the phone while you have secrets inside, and if you have the bootloader locked and the filesystem encrypted it may be very hard to get to that data while otherwise it is not.

silversolver, posted November 26, 2019:

1 minute ago, netman said:
> Well the point is someone could take the phone while you have secrets inside, and if you have the bootloader locked and the filesystem encrypted it may be very hard to get to that data while otherwise it is not.

My life is an open book. However, for those who do have a need to keep secret data on their phone for some reason, certainly the steps you suggest might be prudent.

netman, posted November 26, 2019:

Just now, silversolver said:
> My life is an open book. However, for those who do have a need to keep secret data on their phone for some reason, certainly the steps you suggest might be prudent.

I think the majority of people have at least some levels of secret on their phones, ranging from credit card numbers to naughty pictures and passwords.

SteffenWi, posted November 26, 2019:

So, actual question: What exactly is preventing someone from - you know - just unlocking the boot loader after you locked it? Last time I checked all you needed was a code from the company that manufactured the device. Which anyone can get a hold of fairly easily (all you need is the IMEI of the device).

netman, posted November 26, 2019:

2 minutes ago, SteffenWi said:
> So, actual question: What exactly is preventing someone from - you know - just unlocking the boot loader after you locked it? Last time I checked all you needed was a code from the company that manufactured the device. Which anyone can get a hold of fairly easily (all you need is the IMEI of the device).

You have to unlock the phone to unlock the bootloader with that code (or without, many devices don't need a code). There's no easy way to bypass the lockscreen if it is set up for pattern lock or the likes, at least when the bootloader is locked.

mcdinner, posted November 26, 2019:

53 minutes ago, SteffenWi said:
> So, actual question: What exactly is preventing someone from - you know - just unlocking the boot loader after you locked it? Last time I checked all you needed was a code from the company that manufactured the device. Which anyone can get a hold of fairly easily (all you need is the IMEI of the device).

Your phone will be completely wiped, so you should recognize if there was some tampering in place.

damion, posted November 26, 2019:

On 11/23/2019 at 1:30 PM, Zamasu said:
> Didn't know that, I figured full disk encryption is full disk encryption, but apparently Google disagrees. Yeah, then I can see it being a problem.

Your phone has to be decrypted to boot, so it would have to hold the key and essentially be useless if somebody can get to the bootloader. If the key is your pin, the firmware/os managing that input is vulnerable to evil maid via unlocked bootloader.

These are extremely unlikely to affect many people who keep hold of the device most of the time. But some people do have things to hide, and should be relieved that they have the option of locking the bootloader. And that if anyone tries to unlock it it would wipe the phone.

Some companies will not permit you to sign in with your company credentials unless the phone is running the latest patched OS, will have device policy apps installed and will require a locked bootloader.

SteffenWi, posted November 26, 2019:

2 hours ago, mcdinner said:
> Your phone will be completely wiped, so you should recognize if there was some tampering in place.

huh, I seemed to have forgotten that. Thanks for reminding me :).

enPfzr4v, posted November 26, 2019:

12 hours ago, silversolver said:
> The thing that puzzles me is how an attacker would get it away from you long enough to do something with it

Just go through US customs. They search and clone phones routinely on a random basis.

silversolver, posted November 26, 2019:

48 minutes ago, abielins said:
> Just go through US customs. They search and clone phones routinely on a random basis.

The Supreme Court just smacked them down hard on that. I believe that they did the right thing, although many people with whom I generally agree are weeping about it. Funny world....