The following scenario: I own a Huawei P30 Lite with Android 10. I have a 17-digit PIN as the lock screen and my files folder also has a 17-digit PIN. Now my cell phone is stolen and someone tries to restore or read my data.
I heard that the Android operating systems have a security system called AES-128. USB debugging is turned off.
As a good hacker can you still get the data?
Yes, I know that would not be economical for a thief, etc. But would it work to bypass the 17-digit lock screen and get the data? Or simply connect the cell phone to the laptop and read out the data with a certain tool?
The PIN can probably still be bypassed, depending on how bad the operating system is (with some devices you can easily get through security holes in the system). The files can be read out by brute force. In that case, that might take a day.
No.
The entire file system of the device is encrypted. The encryption is carried out by a secure crypto processor in the chipset. Only it knows the secret key and can then encrypt and decrypt the data on behalf of the operating system when it moves back and forth between flash memory and operating system.
If you flash or reset the device, the key is discarded and the data is unusable.
The files can be read out by brute force. In that case, that might take a day.
As far as I know, the drive encryption key is not simply generated from the PIN.
In the system-on-chip there's a separate crypto processor, the so-called secure element, which executes its own firmware. This generates and stores key material with a secure random number generator and never hands it out to the normal operating system. On behalf of the operating system, it can then encrypt and decrypt data using the key material it owns.
The encryption is always done with an AES key that is, e.g., 128 bits long and was chosen at random by the secure element. Only if the operating system has previously given the correct PIN to the secure element will it then carry out the required process. If not, it will refuse. If there are too many unsuccessful attempts, it will discard the key material.
A brute force attack on the AES encryption itself would therefore have to take place (without "cooperation" of the secure element) not on the PIN but on the randomly chosen key, which is futile if the key is long enough and the random number generator used is secure enough.
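Added example (not part of the original thread, and not Android or Huawei code): a toy Python model of the PIN-gated key store described in the answer above. The failure limit of 10, the PBKDF2 PIN check and the SHA-256 keystream standing in for AES are assumptions made for illustration.

```python
import hashlib, hmac, math, secrets

MAX_FAILURES = 10  # assumed limit; real devices choose their own policy

class SecureElementModel:
    """Toy model of a PIN-gated key store; the key never leaves this object."""

    def __init__(self, pin: str):
        self._salt = secrets.token_bytes(16)
        self._pin_tag = self._tag(pin)
        self._key = secrets.token_bytes(16)  # random 128-bit key, not derived from the PIN
        self._failures = 0

    def _tag(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def _check(self, pin: str) -> None:
        if self._key is None:
            raise PermissionError("key material discarded")
        if not hmac.compare_digest(self._tag(pin), self._pin_tag):
            self._failures += 1
            if self._failures >= MAX_FAILURES:
                self._key = None  # wipe: existing ciphertext is now unrecoverable
            raise PermissionError("wrong PIN")
        self._failures = 0

    def crypt(self, pin: str, nonce: bytes, data: bytes) -> bytes:
        """Encrypt or decrypt after the PIN check (XOR keystream, a stand-in for AES)."""
        self._check(pin)
        stream, counter = b"", 0
        while len(stream) < len(data):
            block = self._key + nonce + counter.to_bytes(4, "big")
            stream += hashlib.sha256(block).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

def search_space_bits(pin_digits: int = 17, key_bits: int = 128) -> tuple[float, int]:
    """Guessing effort in bits: PIN space (reachable only via the element) vs. raw key."""
    return pin_digits * math.log2(10), key_bits

def failures_before_wipe(element: SecureElementModel, nonce: bytes, blob: bytes) -> int:
    """Count the wrong PINs the model tolerates before it reports the key as discarded."""
    for attempt in range(1, 1000):
        try:
            element.crypt(f"{attempt:017d}", nonce, blob)
        except PermissionError as exc:
            if "discarded" in str(exc):
                return attempt - 1
    return -1
```

A 17-digit PIN is only about 56 bits of guessing effort, which is why it matters that the key is random and that guesses have to go through the element's attempt counter.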
How do I know that the Huawei P30 Lite has a crypto processor? Is it built in or is it done via the operating system? I really don't know my way around. This means that if someone steals my mobile phone, it is impossible to get the data due to the 17-digit lock screen and the 17-digit PIN for the folder? I was able to create the PIN under app lock.
As far as I know, it is "mandatory" if the thing wants to advertise with "Android".
Secure key storage: https://source.android.com/security/keystore?hl=en
Authentication: https://source.android.com/security/authentication?hl=en
File system encryption: https://source.android.com/security/encryption/file-based?hl=en#key-derivation
There are even 256/512 bit long keys, not "only" 128 bit.
The crypto of modern mobile devices is really a "tough nut to crack". As far as I know, even the police and secret services break their teeth on it (provided there's no back door).
I didn't know, thank you very much for the effort to find out everything… That means my lock screen is enough so that nobody can get it, and if someone tries to read data without the lock PIN, they fail, to put it plainly… Can you just explain to me briefly why I can load data on my PC with normal access? Is security only given if you have a lock screen, or?
If I reset my cell phone myself and want to access the data again, would that work? Or do you always get a new AES key?
If I reset my cell phone myself and want to access the data again, would that work? Or do you always get a new AES key?
If you reset the phone, the data will be deleted. And yes, the keys are also regenerated.
If necessary, certain data, e.g. contacts, is synchronized and restored from the "cloud" when you log into your Google account. But basically the data is not on the device after the reset.
Can you just explain to me briefly why I can load data onto my PC with normal access?
You have to confirm at least once that you should be able to access files.
There's also no access to all data, but only to a specific directory (including subdirectories).
Ok, thank you very much… So I can assume that if my cell phone is stolen, they will never get the data without the 17-digit locking PIN.
"Never" is always difficult to say. I don't know, e.g., whether you are using an SD card. If so, it is not always encrypted, for example. (Sometimes it is.) You could possibly read something out. There are always potential vulnerabilities, but the encryption is pretty good, yes.
No, I don't use an SD card.