Feature #3145
panic message to lock all open databases
Status: | New | Start date: | 03/27/2014 |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | - | % Done: | 0% |
Category: | - | | |
Target version: | 0.2 | | |
Component: | | | |
Description
OmniROM has a very clever feature that is a solid defense against forensics: if the lock screen is enabled and someone connects to USB with adb, the phone automatically powers off. Then if you have full disk encryption, your device is fully locked and encrypted.
I could see this tying into cacheword for an even quicker response: when cacheword gets this same signal, it could lock all open databases. That would be a much sneakier defense since the forensics device would still be able to get the phone data, but all the sensitive data would be encrypted and locked. So it would not arouse suspicion since it would look no different, versus the phone shutting down.
This could also be implemented outside of being tied into the lock screen if it was some kind of generic broadcast message. It seems that the worst abuse that could happen would be DoS launched by a local app.
History
#1 Updated by abeluck almost 4 years ago
- Target version set to 0.2
This is interesting. Can we get that signal in vanilla AOSP? Have any links to implementation details?
#2 Updated by hans almost 4 years ago
Ping pulser in freenode/#omnirom, he's the author and he told me about it. Tell him I sent you, I'm sure he'd happily discuss the details.
#3 Updated by hans almost 4 years ago
#4 Updated by abeluck almost 4 years ago
So rebooting is definitely not a possibility without root, custom ROM, or system signed package.
However, detecting USB events might work, though I'm not sure if they'd work with forensic devices (e.g., Cellebrite).
Relevant android documentation:
- https://developer.android.com/reference/android/hardware/usb/UsbManager.html
- https://developer.android.com/guide/topics/connectivity/usb/index.html
- https://developer.android.com/reference/android/os/PowerManager.html#isScreenOn()
- https://developer.android.com/training/monitoring-device-state/battery-monitoring.html
- https://developer.android.com/training/monitoring-device-state/docking-monitoring.html
- https://developer.android.com/reference/android/hardware/SensorEventListener.html (maybe some sensors fire on usb plug?)
- https://developer.android.com/reference/android/provider/Settings.Global.html#ADB_ENABLED
- https://developer.android.com/reference/android/provider/Settings.Secure.html#ADB_ENABLED
Relevant other info:
- https://stackoverflow.com/questions/8317331/detecting-when-screen-is-locked
- https://stackoverflow.com/questions/6762671/how-to-lock-the-screen-of-an-android-device
- https://stackoverflow.com/questions/4600896/android-detecting-usb
- https://stackoverflow.com/questions/5283491/android-check-if-device-is-plugged-in
#5 Updated by abeluck almost 4 years ago
Another idea: check for processes running as the shell user.
#6 Updated by hans almost 4 years ago
If you just want to lock cacheword, rebooting is not necessary. I think the simplest version of this would be a big improvement. Just detect any kind of USB event when the lock screen is enabled, then lock cacheword.
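A sketch of the "simplest version" discussed in this thread, added here as an example and not taken from the ticket or from the cacheword code base: a runtime-registered receiver that reacts to a power/USB connection while the keyguard is showing. `UsbPanicReceiver` and the `SecretLocker` hook are hypothetical names; the app is assumed to wire `lockNow()` to whatever locks its cacheword-protected databases, and whether a given forensic device triggers these broadcasts is untested, as noted in comment #4.

```java
import android.app.KeyguardManager;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.BatteryManager;

/** Locks secrets when a cable is attached while the lock screen is active. */
public class UsbPanicReceiver extends BroadcastReceiver {

    /** Hypothetical hook: implemented by the app to lock its open databases. */
    public interface SecretLocker {
        void lockNow();
    }

    private final SecretLocker locker;

    public UsbPanicReceiver(SecretLocker locker) {
        this.locker = locker;
    }

    /** Register from a long-lived component (e.g. the Service holding the keys). */
    public void register(Context context) {
        context.registerReceiver(this, new IntentFilter(Intent.ACTION_POWER_CONNECTED));
    }

    public void unregister(Context context) {
        context.unregisterReceiver(this);
    }

    @Override
    public void onReceive(Context context, Intent intent) {
        if (!Intent.ACTION_POWER_CONNECTED.equals(intent.getAction())) return;
        Context app = context.getApplicationContext();
        if (isKeyguardLocked(app) && mayBeUsbHost(app)) {
            locker.lockNow();
        }
    }

    /** Fail closed: anything not positively identified as AC or wireless counts as USB. */
    static boolean mayBeUsbHost(Context context) {
        // ACTION_BATTERY_CHANGED is sticky, so a null receiver returns the latest state.
        Intent battery = context.registerReceiver(null, new IntentFilter(Intent.ACTION_BATTERY_CHANGED));
        int plugged = battery == null ? -1 : battery.getIntExtra(BatteryManager.EXTRA_PLUGGED, -1);
        return plugged != BatteryManager.BATTERY_PLUGGED_AC
                && plugged != BatteryManager.BATTERY_PLUGGED_WIRELESS;
    }

    static boolean isKeyguardLocked(Context context) {
        KeyguardManager km = (KeyguardManager) context.getSystemService(Context.KEYGUARD_SERVICE);
        return km != null && km.isKeyguardLocked();
    }
}
```

Because the check fails closed, plugging into a USB charger while the screen is locked also locks the databases; the cost is re-entering the passphrase.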