Reply to post: Re: Physical Access

'Pork Explosion' flaw splatters Foxconn's Android phones

Christian Berger

Re: Physical Access

"Concentrate on making the encryption secure"

Actually secure encryption on a mobile device is mostly an illusion. Encryption always requires you to have a secret which is ungessable. However entering a secret is virtually impossible on a touchscreen. Even if you could use a strong passphrase, since your device will be always on, you can often just fish the secret out of RAM.

Storing a secret un a security chip doesn't solve the problem, as there are multiple attacks against chips theese days. Pay-TV companies use the most secure chipcards you can have on a budget, and yet they have in the past regularly broken their competitor systems.

So actually your chances of security are best if you root your device and install some propper Linux OS. Once you have iptables you can enforce actual security by only allowing your device to talk to your server. (big security benefit!) Then use ssh with public key authentication and make the server erase you key regularly so you are forced to rekey.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon