Unlocked Bootloader Security Risk

I own a Samsung S10+ with iodé (bought from iodé). It works fine, but lately I have started thinking about switching to a Google Pixel and installing xxx (you know what, but I don't want to mention it on your site). The reason for this is that iodé (like its "father" LineageOS) has an unlocked bootloader. This is a big security risk. Therefore I feel more and more uncomfortable with my phone. To minimize the attack surface, I am looking for a device that is non-rooted and has a custom ROM with a locked bootloader.

… is relative, depending on how you look at it, and to me it looks very different in theory and in practice.

In 99.9% of custom ROMs the bootloader remains unlocked and thus offers an increased attack surface. But how big is the real chance that these gaps are exploited by malicious software and criminal elements?

I know of three Android device families ("I don't want to mention it on your site") where the bootloader is relocked after installing a custom ROM. Fairphone is one of them.

Hello Fidèles and Iodysseus, can you explain for novices these problems of unlocked bootloader flaws? (I have a problem with my translator.)

@Patrice, this matter is complex and controversial. Don't let an unspecified statement drive you crazy; sit back and relax. iodéOS is "a thousand times" more privacy friendly than any googled stock Android.

A device with an unlocked bootloader can only be compromised through physical access to it: plugging it into a computer and changing the recovery, the system, … The data cannot be directly accessed though, as decrypting it requires the user's PIN code or pattern (which can unfortunately be bypassed with some manipulations: changing the recovery, deleting a system data file, which still requires physical access to the device).

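A practical check that follows from Iodysseus's answer, added here as an example (it is not code from iodéOS, LineageOS or any app named in this thread): read the standard Android system properties that expose the bootloader lock state, the verified-boot colour and whether user data is encrypted, so you can see for yourself which of the three conditions applies to your own phone. The only tool assumed is the stock adb client; the two getprop outputs embedded in the block are constructed samples, not captures from a real device.

```python
"""Report the bootloader lock, verified-boot and storage-encryption state of an
Android device from the output of `adb shell getprop`.

Added example for this thread (not code from iodéOS, LineageOS or any app
named here).  It reads only standard Android system properties; the two
sample getprop outputs below are constructed for the offline demo.
"""
import subprocess
from typing import Dict, Optional

# Meaning of ro.boot.verifiedbootstate, as set by Android Verified Boot.
VERIFIED_BOOT_STATES = {
    "green": "locked bootloader, boot image signed with the OEM key",
    "yellow": "locked bootloader, boot image signed with a user-installed key",
    "orange": "unlocked bootloader: verified boot is off, any image boots",
    "red": "verification failed (image modified or corrupted)",
}


def parse_getprop(text: str) -> Dict[str, str]:
    """Turn `[name]: [value]` lines into a dict; anything else is ignored."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]") and "]: [" in line:
            name, value = line[1:-1].split("]: [", 1)
            props[name] = value
    return props


def bootloader_locked(props: Dict[str, str]) -> Optional[bool]:
    """True/False when a lock-state property is present, None if unknown.

    ro.boot.vbmeta.device_state and ro.boot.flash.locked are not set on every
    device, so fall back to the verified-boot colour when they are absent.
    """
    device_state = props.get("ro.boot.vbmeta.device_state")
    if device_state in ("locked", "unlocked"):
        return device_state == "locked"
    flash_locked = props.get("ro.boot.flash.locked")
    if flash_locked in ("0", "1"):
        return flash_locked == "1"
    vb_state = props.get("ro.boot.verifiedbootstate")
    if vb_state in VERIFIED_BOOT_STATES:
        return vb_state in ("green", "yellow")
    return None


def assess(props: Dict[str, str]) -> Dict[str, object]:
    """Summarise what the properties say about the attack surface discussed above."""
    locked = bootloader_locked(props)
    vb_state = props.get("ro.boot.verifiedbootstate", "unknown")
    encrypted = props.get("ro.crypto.state") == "encrypted"
    crypto_type = props.get("ro.crypto.type", "unknown")  # "file" (FBE) or "block" (FDE)

    findings = []
    if locked is False:
        findings.append("bootloader unlocked: with the device and a USB cable, a "
                        "modified recovery or system can be flashed and will boot")
    elif locked is None:
        findings.append("lock state not exposed by this device's properties")
    findings.append(f"verified boot: {VERIFIED_BOOT_STATES.get(vb_state, 'state not reported')}")
    if encrypted:
        findings.append(f"user data encrypted ({crypto_type}); reading it still needs "
                        "the lock-screen credential")
    else:
        findings.append("user data NOT encrypted: anyone booting another image reads it")
    return {
        "bootloader_locked": locked,
        "verified_boot": vb_state,
        "encrypted": encrypted,
        "crypto_type": crypto_type,
        "findings": findings,
    }


# Constructed samples (not captured from a real phone).
SAMPLE_CUSTOM_ROM = """\
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""
SAMPLE_STOCK = """\
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""


def getprop_from_device() -> Optional[str]:
    """Fetch live properties over adb; None if adb is missing or no device answers."""
    try:
        result = subprocess.run(["adb", "shell", "getprop"],
                                capture_output=True, text=True, timeout=15)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return result.stdout if result.returncode == 0 else None


if __name__ == "__main__":
    text = getprop_from_device()
    if text is None:
        print("no device via adb; using the constructed custom-ROM sample")
        text = SAMPLE_CUSTOM_ROM
    for line in assess(parse_getprop(text))["findings"]:
        print("-", line)
```

Run it with the phone connected and USB debugging enabled; an iodé or LineageOS device will normally report `orange` and `unlocked`, which is exactly the condition the thread is about, while the `encrypted`/`file` lines show that the data itself is still behind the lock-screen credential.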

Thank you, iodysseus, for your reply and your kindness.

So if my phone gets stolen, is it technically possible to read my data (my emails (FairEmail) for example, which are stored in the phone's storage) without knowing my PIN?

Hardly, but yes.
The data partition is encrypted and will be decrypted with the PIN.
With an unlocked bootloader it is possible to manipulate the phone and so also the data.
It takes a lot of effort, but it's doable.

But why should a thief make this effort?
In 99.9% of cases they are interested in my phone: steal it, remove the SIM, reset it, as fast as possible.

So for me, I don't have the fear that someone will steal my phone to get my data. My fear is to lose it or to get it stolen, but not that somebody gets my data.
But these are just my 2 cents… :wink:


So if I understood correctly, the encryption just slows down an attacker getting the data but doesn't actually protect the data 100%? If I use a 16-character-long password, is the situation the same? What is the worth of encryption if it's possible to bypass it?

Is there anything else to enhance the security or the encryption when the bootloader is unlocked?

If bypassing the encryption were easy enough, the thief would certainly take the data for himself before resetting the phone. That's why it's good to discuss the matter and understand for yourself how easy or difficult it is in practice. Otherwise, you cannot understand the security of the device you are using.

I honestly don't know what else to say or discuss here. Everything relevant has already been mentioned several times and we just keep going in circles.
what do you want out

I think the discussion has been mainly on a general level.
Some practical questions:

  • So if I understood correctly, the encryption just slows down an attacker getting the data but doesn't actually protect the data 100%? If I use a 16-character-long password, is the situation the same? Does password strength matter, or do the manipulations work with a strong password as well? Please correct me if I have misunderstood something.

  • What is your opinion: are these manipulations easy or hard to carry out? If you know the process, is it about the same for every phone model that runs a LineageOS-based ROM?

  • Is there anything else to enhance the security or the encryption when the bootloader is unlocked?

I have read elsewhere (https://www.reddit.com/r/LineageOS/comments/5w5uuc/psa_keep_your_data_safe_after_unlocking_bootloader/) that a strong password would enhance the encryption and make it harder (impossible in practice?) to steal data, but that contradicts what vince said, that the PIN code (password) can be bypassed entirely with manipulations. That's why I'm trying to understand what is true and what is not, and discussing it.

I did some more research on this.
An evil maid attack seems to be the case where an attacker can steal your password via malicious code. It requires physical access to the device and installing a keylogger. At least I didn't find information suggesting that an encrypted partition with a strong password could be cracked without knowing the password first.

If I lose my phone, the chance that the one who finds it has this kind of skill is very, very small. This is the reason why I personally don't bother to stress too much about this.

In the long run I would still prefer a device which doesn't give an opportunity to install any code without my password. I have invested in a phone that is more privacy oriented, so privacy is something I care about. On my PC I can disable "boot from USB" and lock the BIOS with a password. With my phone I currently cannot close the hole. I can live with that, because I'm not yet president of my country (not even prime minister). Not a potential target to be hacked.

It is possible to install software from F-Droid to give you the option to wipe the phone remotely if it gets lost. Even if someone finds and returns it, wiping removes the risk of an evil maid attack when you start using it again and log in.

Instead of a PIN code I now use a 12-character-long password, which prevents brute-force attacks.
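The Reddit advice quoted earlier and the switch from a PIN to a 12-character password above both rest on the same question: how much does the credential's length actually buy? The block below is an added worked model for that question (it is not code from the page, from iodéOS, or from any project named in the thread). It covers credential guessing only; the recovery-based manipulation Iodysseus describes is a different attack and is outside the model. The two guess rates are assumptions, chosen to contrast guessing on the device itself, where Android's lock-screen throttling and hardware-bound key derivation cap the rate, with an idealised offline attack in which the attacker has somehow obtained everything needed to test candidates at full hardware speed.

```python
"""Keyspace and guessing-cost estimates for Android lock-screen credentials.

Added example for this thread, not code from the page or from any project it
names.  It models credential guessing only.  The guess rates below are
assumptions: on-device guessing is modelled as one attempt per 30 s (standing
in for lock-screen throttling), the offline rate as ten billion candidates per
second (an attacker who has the key-derivation inputs and fast hardware).
"""
import math
from typing import Dict

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet sizes for the credential shapes people actually use.
ALPHABETS = {
    "digits": 10,        # PIN
    "lowercase": 26,
    "alphanumeric": 62,  # a-z, A-Z, 0-9
    "printable": 95,     # printable ASCII
}

# Assumed guess rates in guesses per second (illustrative, not measured).
SCENARIOS = {
    "on-device (throttled)": 1 / 30,
    "offline (assumed 1e10/s)": 1e10,
}

# A credential "stands on its own" if exhausting its keyspace offline at the
# assumed rate takes at least this long (threshold chosen for this example).
OFFLINE_STRONG_YEARS = 100.0


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy of a uniformly random credential of this shape."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate (expected time is half of this)."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def credential_report(alphabet: str, length: int) -> Dict[str, float]:
    """Entropy plus time-to-exhaust under each assumed scenario."""
    bits = entropy_bits(ALPHABETS[alphabet], length)
    report = {"bits": bits}
    for name, rate in SCENARIOS.items():
        report[name] = years_to_exhaust(bits, rate)
    return report


def classify(alphabet: str, length: int) -> str:
    """Does the credential resist offline guessing, or only throttled on-device guessing?"""
    offline_years = years_to_exhaust(entropy_bits(ALPHABETS[alphabet], length),
                                     SCENARIOS["offline (assumed 1e10/s)"])
    if offline_years >= OFFLINE_STRONG_YEARS:
        return "strong even against offline guessing"
    return "relies on on-device throttling"


if __name__ == "__main__":
    for alphabet, length in [("digits", 4), ("digits", 6), ("alphanumeric", 8),
                             ("alphanumeric", 12), ("alphanumeric", 16)]:
        r = credential_report(alphabet, length)
        scenario_text = "  ".join(f"{k}: {v:.3g} y" for k, v in r.items() if k != "bits")
        print(f"{length:2d} x {alphabet:<12} {r['bits']:6.1f} bits  {scenario_text}"
              f"  -> {classify(alphabet, length)}")
```

Under these assumptions a 4- or 6-digit PIN is protected only by the device refusing to take guesses quickly, which is precisely what an attacker who can boot their own image on an unlocked device is trying to get around, while a random 12-character alphanumeric password already costs on the order of ten thousand years to exhaust even at the offline rate, and 16 characters adds many orders of magnitude on top. Whether the real key derivation can be attacked offline at all on a given phone is a property of that phone's hardware-backed keystore, not of this model.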

Hi, try Wasted; it's available on F-Droid. It gives you the possibility to lock (and wipe) your phone by sending an SMS message.
Another interesting app is Finder, which locates your phone remotely, again via SMS.
