Install malicious firmware / software with TWRP

Hi everyone,

I was thinking about how well my smartphone could resist if somebody had it in their hands.
My Samsung Galaxy J5 2015 is encrypted.

  1. Everybody can access TWRP, so everybody could secretly flash a modified version of /e/ that would send everything (passwords, pictures, etc.) to the bad guy and spy on me, am I wrong?

  2. Do the encryption and the password REALLY prevent somebody from accessing my phone and/or reading the data? Could a modified firmware bypass the password screen?
    If my password were part of the decryption key I would say no, but you can encrypt a phone even without setting a password, which means the decryption key is entirely on the phone and could be extracted or used, am I wrong?

  3. Is there a way to prevent this?

Thank you :slight_smile:

1 Like

Hi,

I am not a smartphone specialist, but I think that if a malicious person has access to the phone:

  1. TWRP: it is unsecured access. The data can be erased.
  2. Encrypting the phone is good, provided the password is strong enough. It all depends on the skill level of the person. But the French police seem to have a counter, for example:
1 Like
  1. I’m not sure if the following is still a risk nowadays, but it definitely was a few years ago, as encryption techniques changed rapidly:
    I know of an evil maid attack where someone gained device access, pulled the current system partition, modified it by installing a low-level keylogger to log the encryption password, and then flashed it back. Another scenario would be a cold boot attack, where the encryption keys remain in RAM just long enough after shutdown that they can also be read by an attacker.
    I’m pretty confident that if you lose your device in a turned-off state, it’s pretty hard for an attacker to access your encrypted data.

  2. As mentioned before, I think it does, as long as an attacker only has access to a turned-off phone. I don’t think that a modified firmware alone can bypass encryption, as encryption is only partially backed by hardware.

  3. To be honest, don’t install custom ROMs. As much as I dislike stock ROMs for ignoring users’ privacy etc., I tend to say that they are more secure in regard to physical attacks. Stock ROMs have locked bootloaders, which prevent any attacker from installing a tampered OS and drastically reduce the possibilities of an attack. Once a bootloader is unlocked, no signature checking happens at boot time, which allows any OS to boot.

These are just my 50 cents - I’m not sure if this is all correct, as I’m not an expert when it comes to cryptography on Android. Looking forward to somebody with a bit more technical knowledge who could explain this matter in more detail :)

2 Likes
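The question in point 2 above (is the decryption key entirely on the phone when no password is set?) and the reply's point about encryption being only partially hardware-backed can be made concrete with a small model. The following is an added example, not code from the thread or from /e/ or Android: it models the classic Android full-disk-encryption layout in which a random disk key lives on the device and is wrapped under a key derived from the user's credential. When no credential is set, legacy Android FDE derives that wrapping key from the fixed string "default_password", so the wrap adds no secrecy. The wrap construction here (PBKDF2, XOR and an HMAC tag, standard library only), the tiny work factor, and the PIN "4271" are all simplifications and constructed values chosen so the brute-force demonstration finishes in well under a second; real devices use scrypt with a large cost and, on newer hardware, bind the derivation to a rate-limited hardware key.

```python
"""Simplified model of credential-wrapped disk encryption (teaching example)."""
import hashlib
import hmac
import itertools
import os
from typing import Dict, Optional, Tuple

# Legacy Android FDE used this literal as the credential when the user had
# not set one; the wrap is then only as secret as this public constant.
DEFAULT_CREDENTIAL = "default_password"

# Deliberately tiny work factor so the brute-force demo runs quickly.
# Real devices use scrypt with a large cost plus hardware rate limiting.
DEMO_ITERATIONS = 50


def _derive(credential: str, salt: bytes, iterations: int) -> Tuple[bytes, bytes]:
    """Derive a 32-byte wrapping key and a 32-byte MAC key from the credential."""
    out = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, iterations, dklen=64)
    return out[:32], out[32:]


def wrap_master_key(master_key: bytes, credential: str,
                    iterations: int = DEMO_ITERATIONS) -> Dict[str, object]:
    """Encrypt the random disk key under the credential-derived key.

    Returns the on-device "crypto footer": salt, wrapped key, an HMAC tag that
    lets boot code distinguish a right guess from a wrong one, and the cost.
    """
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)
    wrap_key, mac_key = _derive(credential, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(master_key, wrap_key))
    tag = hmac.new(mac_key, wrapped, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag, "iterations": iterations}


def unwrap_master_key(footer: Dict[str, object], credential: str) -> Optional[bytes]:
    """Recover the disk key, or None if the credential is wrong."""
    wrap_key, mac_key = _derive(credential, footer["salt"], footer["iterations"])
    expected = hmac.new(mac_key, footer["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, footer["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(footer["wrapped"], wrap_key))


def brute_force_pin(footer: Dict[str, object], digits: int = 4) -> Tuple[Optional[str], int]:
    """Try every numeric PIN of the given length offline; return (pin, attempts).

    This is what an attacker who copied the footer from the device can do,
    with no need to get past the lock screen or modify the firmware.
    """
    attempts = 0
    for combo in itertools.product("0123456789", repeat=digits):
        pin = "".join(combo)
        attempts += 1
        if unwrap_master_key(footer, pin) is not None:
            return pin, attempts
    return None, attempts


if __name__ == "__main__":
    disk_key = os.urandom(32)

    # 1. No credential set: the footer is protected by a public constant only.
    no_pw = wrap_master_key(disk_key, DEFAULT_CREDENTIAL)
    print("no credential: recovered =", unwrap_master_key(no_pw, DEFAULT_CREDENTIAL) == disk_key)

    # 2. Four-digit PIN (constructed value "4271"): found by exhaustive search.
    pin_footer = wrap_master_key(disk_key, "4271")
    found, n = brute_force_pin(pin_footer)
    print(f"4-digit PIN: recovered {found!r} after {n} attempts")

    # 3. Long passphrase: the same 10^4-guess search fails; the credential's
    #    entropy, not the phone's firmware, is what the attacker is up against.
    strong = wrap_master_key(disk_key, "correct horse battery staple 2015")
    print("passphrase: 4-digit search finds", brute_force_pin(strong)[0])
```

The model shows why the answer to point 2 is "it depends on the credential": with no password the key is effectively stored in the clear, with a short PIN it is one offline search away, and a modified ROM only helps the attacker by capturing the credential the next time the owner types it (the evil maid case in the reply above), not by skipping it.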

My personal opinion is that my device is a phone and nothing more. Storing highly sensitive data on it is a bad choice, encrypted or not.

I think Edward Snowden will agree.

2 Likes

Actually, I’ve never explicitly unlocked the bootloader. On 3 Samsung phones, I’ve just flashed TWRP with Odin (the tool for Samsung phones to restore the stock ROM and install what you want) without any issue, so I’m not sure there was a locked bootloader (which is weird).

I don’t have anything especially sensitive on it, but of course in a smartphone there might be a lot of data you want to keep to yourself, like your messages, your email account’s token, etc.

Thank you for your reply :slight_smile:

No problem, my apps all have a password lock, my ‘secure’ data is in a safe app with an encrypted database (keepass2android), and if someone really gets my phone in his hands, breaks all the passwords and reads my mails or Telegram messages, ok, nothing worse will happen and my life will go on the same way as before.

As well I try to not store sensitive files on my smartphone.

Therefore I’ve tried Amaze’s ability to encrypt/decrypt a file. It also works with the fingerprint sensor.

But mainly for PDF files (ID, passport, driving licence), I use qpdf on my GNU/Linux desktop computer to encrypt them, then sync the file to /e/.
It’s rather convenient, because files encrypted with qpdf and a 256-bit AES key can be read with Document Viewer on the smartphone.

1 Like

You can remove TWRP: https://www.theandroidsoul.com/remove-twrp-recovery-restore-stock-recovery/ (for example).

I had a Lineage OS phone without TWRP. It had its stock recovery, which is very limited. It only lets you apply an update if the file is resident on your phone. So the phone could install its updates using its stock recovery (Lineage OS recovery or /e/ recovery?). I’m pretty sure you can’t flash an entire new ROM, so only do this if you want /e/ on your phone forever, without having to go and install TWRP, which would probably erase your data.

Just keep a good encryption password and that will block anyone from accessing your data if they get their hands on your device. Now, if you lose your device with it on, they would be faced with your pattern/login screen. They can’t plug it into a computer and get data, because they have to bypass your login screen and then allow data transfer. It’s just a matter of time anyway until they can get to your data in this case. When your phone stops receiving security updates, it becomes vulnerable to the expanding exploit market.

1 Like