How to strengthen Unlocked bootloader against physical attacks like evil maid?

Possibly linux · 1 year ago

How to strengthen Unlocked bootloader against physical attacks like evil maid?

jet@hackertalks.com · 1 year ago

Lock the bootloader again. You can relock it on most phones, especially Pixel phones.

That way if anybody messes with the bootloader your data gets wiped.

I don’t know if lineage has this option but some Android ROMs do,. Periodic reboots. Force your phone back into its secure off state. Couple that with a boot password which is longer than your unlock password and you’re in a pretty good position. Graphene OS does this. But I’m sure it’s available in other operating systems

You might consider setting up a work profile, using shelter. Have your work profile unlock with a different factor. Either fingerprint, or if you use fingerprint for your main unlock, then use a code. Then you’ll need two factors to run apps in your work profile.

AureumTempus@lemmy.world · edit-2 11 months ago

deleted by creator

Possibly linux · edit-2 1 year ago

I use lineage os on Motorola phones so I can’t lock the bootloader. (Lineage os doesn’t support it anyway)

I never considered rebooting though. That’s not a bad idea. The only problem is that it resets the system uptime. (Uptime can be a tamper indicator)

jet@hackertalks.com · 1 year ago

There’s different threat scenarios you need to consider. Somebody taking your phone, somebody tampering with your phone but leaving it with you, somebody remotely accessing your phone.

I thought we were just talking about the somebody taking your phone scenario. You could set up a task on your phone to check for a Bluetooth device say every 5 to 10 minutes. If it doesn’t see it turn off. Hopefully you’re comfortable with your phones powered off state being secure.