What does encryption failure mean on a MegaFon tablet? Encrypting data on Android devices

The FBI tried, through the courts, to twist the arm of Apple, which was unwilling to write code to bypass its own security system. A critical vulnerability was discovered in the Android kernel that allows superuser access, bypassing all security mechanisms. These two events, although unrelated, coincided in time, clearly demonstrating the differences between the security systems of the two popular mobile operating systems. Let's set aside for a moment the critical Android kernel vulnerability, which most manufacturers are unlikely ever to fix in already released models, and consider the data encryption mechanisms in Android and Apple iOS. But first, let's talk about why encryption is needed on mobile devices at all.

Why encrypt your phone?

"An honest person has nothing to hide" is the most popular refrain heard after every publication on the topic of data protection. "I have nothing to hide," many users say. Alas, much more often this only reflects the confidence that no one will bother to dig into the data of some particular Vasya Pupkin, because who would be interested in it at all? Practice shows that this is not so. We don't have to look far: just last week, the career of a school teacher who left her phone on the table for a moment ended with her dismissal. The students instantly unlocked the device and pulled out photographs of the teacher in a form that is condemned by the puritanical morality of American society. The incident served as sufficient grounds for the teacher's dismissal. Stories like this happen almost every day.

How unencrypted phones are hacked

We won't go into detail, just keep in mind: data from an unencrypted phone can be recovered in almost a hundred percent of cases. "Almost" here refers to cases where someone tried to physically damage or destroy the phone immediately before the data was extracted. Many Android and Windows Phone devices have a service mode that allows all data to be dumped from the device's memory over a regular USB cable. This applies to most devices on the Qualcomm platform (HS-USB mode, which works even when the bootloader is locked), to Chinese smartphones with MediaTek (MTK), Spreadtrum and Allwinner processors (if the bootloader is unlocked), and to all smartphones manufactured by LG (which have a convenient service mode that allows data to be dumped even from a "bricked" device).

But even if the phone does not have a service "back door", data can still be obtained by disassembling the device and connecting to the JTAG test port. In the most advanced cases, the eMMC chip is removed from the device and inserted into a simple and very cheap adapter, where it works using the same protocol as the most common SD card. If the data was not encrypted, everything can be easily extracted from the phone, down to the authentication tokens that provide access to your cloud storage.

What if encryption was enabled? In older versions of Android (up to 4.4 inclusive), this could be bypassed (with the exception, however, of devices made by Samsung). But in Android 5.0, a strong encryption mode finally appeared. But is it as useful as Google thinks it is? Let's try to figure it out.

Android 5.0–6.0

The first device running Android 5.0 was the Google Nexus 6, released in 2014 by Motorola. At that time, 64-bit mobile processors with the ARMv8 architecture were already being actively promoted, but Qualcomm did not have a ready-made solution on this platform. As a result, the Nexus 6 used the Snapdragon 805 chipset, based on Qualcomm's own 32-bit cores.

Why is this important? The fact is that processors based on the ARMv8 architecture have a built-in set of instructions to speed up stream encryption of data, but 32-bit ARMv7 processors do not have such instructions.

So watch closely. The processor has no instructions for accelerating crypto, so Qualcomm built a dedicated hardware module into the chipset to perform the same functions. But something didn't work out for Google. Either the drivers were not finished at the time of release, or Qualcomm did not provide the source code (or did not allow it to be published in AOSP). The details are unknown to the public, but the result is known: the Nexus 6 shocked reviewers with its extremely slow data read speed. How slow? Something like this:

The reason for the eightfold lag behind its "little brother", the Motorola Moto X 2014 smartphone, is simple: forced encryption, implemented by the company in software. In real life, Nexus 6 users on the original firmware version complained of numerous lags and freezes, noticeable heating of the device and relatively poor battery life. Installing a kernel that disables forced encryption immediately solved these problems.

However, firmware is such a thing, you can finish it, right? Especially if you are Google, have unlimited finances and have the most qualified developers on your staff. Well, let's see what happened next.

And then came Android 5.1 (six months later), in which the drivers needed to work with the hardware accelerator were first added in a preview version of the firmware and then removed again in the final version because of serious problems with sleep mode. Then came Android 6.0; by the time of its release users had already lost interest in this game and begun to disable encryption by any means, using third-party kernels. Or not to disable it, if a read speed of 25–30 MB/s was enough.

Android 7.0

Okay, but could Android 7 fix a serious problem with a flagship device that is almost two years old? It could, and it did! The ElcomSoft lab compared the performance of two identical Nexus 6s, one running Android 6.0.1 with the ElementalX kernel (and encryption disabled), the other running the first pre-release version of Android 7 with default settings (encryption enabled). The result is clear:


On modern phones and tablets we store a lot of important and even confidential information. It could be personal photos, correspondence, audio recordings, logins, passwords, bank card details and more. Often, users do not think about ways to protect such data until, for example, they lose a gadget. In the worst case, it falls into the hands of criminals who will gladly use your information for their own purposes. Sometimes that's the whole point. How to protect personal data?

Encryption and its meaning

To protect data, a regular screen lock is most often used, for example a pattern lock or a numeric password. But this method often turns out to be unreliable. If someone really wants to, it can be bypassed, and then all your personal data will be in plain view. A more effective method is encryption. The user will not feel much difference, but if the gadget is lost, even if attackers can somehow bypass the lock password, they will not have access to your data. Encryption is enabled quite simply:

  • "Settings";
  • "Security" and "Encryption".

After this, you will need to enter the code and wait until all the data is encrypted; this may take quite a long time, especially if there is a lot of data. It can happen that over time you see the message "Android encryption failed"; what should you do in this case?

Encryption failure: how to fix the problem?

To avoid such problems, you should always back up your data. For example, the Google cloud can serve as reliable storage; this is the best option for all Android users. If you didn't do this and saw a message about encryption failure, the main thing is not to rush to press the "Reset phone" button.

First, remove the external memory card; the data on it is not encrypted, as provided for by the OS developers' policy. Only then can you press this button, but be prepared for the possibility that you may lose personal data.

Only in rare cases is the failure eliminated after rebooting the system; in other cases, it will be necessary to roll back to the state before the failure was detected.

Be careful about data encryption so as not to become a victim of your own vigilance.

Starting with Android 4.2, you can encrypt the entire device using the Android operating system itself. You do not need to purchase or install any additional applications. Everything is done by the operating system's own means, and Internet access is not required for this. You can encrypt your data any time you see fit.

Android encryption

Encryption works like this: after enabling encryption, all data on the device and on the memory card will be encrypted. Of course, if someone unlocks your device, they will still have access to the data; however, encryption will save your data if someone tries to steal the memory card or read the data from the internal memory without turning on the smartphone. They won't succeed, since the data will be encrypted.

When you turn on your smartphone, you will need to enter a password to decrypt the data. Without entering the password, the smartphone will not boot further. This is not just a PIN code, it is a key that encrypts your data.

There are some things you should know about device encryption:

  • Encryption is only possible in one direction. Once encrypted, the device cannot be decrypted. You can only reset it to factory settings, but in this case you will lose all data.
  • Encrypting the entire device slows down the smartphone. Basically, in the era of 8-core processors and 1 GB or more of RAM, it will not cause you any trouble. On weaker devices the slowdown will be noticeable.
  • Encrypting your device will not save your data in the event that someone asks to view your smartphone, and at that moment either installs a Trojan, or simply manually sends some data of interest to their phone. Only a crypto container can protect against such cases: after all, to access the data inside the container, you will need to enter another password that the attacker does not know.

If you want to encrypt your entire device, go to Settings, Security, then click the Encrypt phone (or Encrypt tablet) button under Encryption. Then follow the instructions.

An error like this can only appear if the user initially turned the encryption function on (on a tablet or other mobile device).

This function protects personal data stored in the memory of the Android device. Encryption in this case is performed by the ICS system using a 128-bit master key. If a password or PIN code is set to unlock the screen, then Android by default selects it as the "source" for creating a decryption master key.

After enabling the encryption function, each time the OS is rebooted, the device will prompt for the given password or PIN.

However, no system works without errors, and from time to time Android encryption fails here too, making unexpected changes to the 16 kilobyte master key.

Such a failure can strike at any moment, so to be sure not to lose the information you need, always keep backups of your data. To do this, for example, you can make a backup to your Google account.

Otherwise, the cost of decrypting the card will be much more expensive than the cost of all the information stored in the phone’s memory (which will need to be decrypted). In the worst case, decryption will take so much time that the information will long ago lose its relevance.
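
The relationship described above between the unlock password and the 128-bit master key, and why damage to the stored key is fatal, shown as an added example (not code from the article or from Android). The PBKDF2 parameters, the record layout and the HMAC-based pad standing in for a real block cipher are assumptions chosen so that it runs with the Python standard library alone.

```python
import hashlib, hmac, os

ITERATIONS = 20_000  # assumption for this example, not Android's real parameter

def derive_kek(password: str, salt: bytes) -> bytes:
    """Stretch the unlock password into 32 bytes: 16 to wrap, 16 to authenticate."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)

def _pad(wrap_key: bytes, salt: bytes) -> bytes:
    # Stand-in for the block cipher a real device uses: a one-time 16-byte pad.
    return hmac.new(wrap_key, b"wrap" + salt, hashlib.sha256).digest()[:16]

def wrap_master_key(master_key: bytes, password: str) -> dict:
    """Build the small key record kept beside the encrypted data (hypothetical layout)."""
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, _pad(kek[:16], salt)))
    tag = hmac.new(kek[16:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_master_key(record: dict, password: str) -> bytes:
    """Recover the master key, or raise if the password or the record is wrong."""
    kek = derive_kek(password, record["salt"])
    tag = hmac.new(kek[16:], record["salt"] + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, record["tag"]):
        raise ValueError("encryption failed: wrong password or damaged key record")
    return bytes(a ^ b for a, b in zip(record["wrapped"], _pad(kek[:16], record["salt"])))

def can_unlock(record: dict, password: str) -> bool:
    try:
        unwrap_master_key(record, password)
        return True
    except ValueError:
        return False

def demo() -> dict:
    master_key = os.urandom(16)                    # 128-bit key that encrypts the data
    record = wrap_master_key(master_key, "4071")   # constructed sample PIN
    damaged = dict(record, wrapped=bytes([record["wrapped"][0] ^ 1]) + record["wrapped"][1:])
    rewrapped = wrap_master_key(unwrap_master_key(record, "4071"), "longer-passphrase-9")
    return {
        "right_pin": unwrap_master_key(record, "4071") == master_key,
        "wrong_pin": can_unlock(record, "0000"),
        "damaged_record": can_unlock(damaged, "4071"),
        "after_password_change": unwrap_master_key(rewrapped, "longer-passphrase-9") == master_key,
    }

if __name__ == "__main__":
    print(demo())
```

A single flipped bit in the stored record is enough to lose the master key even with the correct PIN, which is why the backup has to exist before the failure occurs.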

Android encryption error: what to do?

So, what should you do if your phone says "encryption failed"? This message appears before the graphical shell loads because the module responsible for encryption (Cryptfs) is one of the first to load. It allows all other modules to decrypt settings, read data from the cache and load the full version of the OS.

  1. First, you need to remove the microSD card from the device. Because of Google's policy, the information on it is not encrypted by default, and, accordingly, this data may still remain accessible.

The worst thing you can do now is press the only soft button on the screen - Reset phone.

After activating it (in most cases), you can say goodbye to the information stored in the /data and possibly /sdcard folders.

  2. After removing the card, try rebooting your Android device using the mentioned button. If you were unable to resolve the encryption failure on your tablet the first time, try a few more times: perhaps the key is simply not loaded correctly due to an error in the code located on the external card.

Unfortunately, in most cases a reboot does not fix the encryption failure, since either the Android device's internal card or its controller is damaged.

  3. If restarting the phone/tablet did not help resolve the encryption failure, you should "roll back" the firmware and install a new version of the cryptographic module so that the device can be used.

This will require an external card, preferably at least 8 GB (you can use the "old" one if all important data has been backed up), on which the temporary /data and /sdcard partitions will be stored.

  4. Insert the microSD card into your Android device.

The next stage is preparing the phone for flashing. To do this you need to enter Android recovery mode. Depending on the model and manufacturer of the device, this mode can be accessed in different ways, but the most common key combination is pressing the power and volume down buttons simultaneously and holding them for one to two seconds.

In recovery mode, find the properties of the SD card and divide it into segments that will be allocated to the above partitions. For the /data area, 2 GB of memory should be enough.

For "swap" select 0M. Preparing the card will take some time; during this time you can download the latest version of ICS corresponding to your phone/tablet model.

After downloading, save it to the already partitioned SD card.

At this stage, in recovery mode, the option should be activated

Do you use your Android smartphone (tablet) to save personal photos, read important emails, make online purchases using your credit card, edit and transfer important documents? If your answer is yes, then you should think about encrypting your device.

Unlike the iPhone, Android devices do not automatically encrypt the data stored on them, even if you use a password to unlock the device, but if you're using Android Gingerbread 2.3.4 or higher, it's easy to enable encryption.

Encrypting your phone means that if the phone is locked, the files are encrypted. Any files sent and received from your phone will not be encrypted unless you use additional methods.

The only difference between an unencrypted and an encrypted phone from a user's perspective is that you will now have to use a password to unlock the phone (tablet).

If your phone is not encrypted, then the password is just a screen lock. In fact, in this case, the password simply locks the screen - that is, it does nothing to protect the files stored on the device. So, if attackers find a way to bypass the lock screen, then they get full access to your files.

If the phone is encrypted, the password is the key that decrypts the encrypted files.

That is, when the phone is locked, all data is encrypted, and even if attackers find a way to bypass the lock screen, then all they find is encrypted data.

How to enable encryption on an Android device?

1. Open the Settings menu.

2. In Settings, select Security > Encryption (Encrypt device).

3. You will be required to enter a password of at least six characters, at least one of which is a number.

As soon as you set a password, the process of encrypting your files will begin. Encryption may take an hour or more, so you must connect the charger before encryption begins.

Once the encryption process is complete, you're done! Make sure to save your password in a safe place because you will now need it every time you want to access your phone. Please note that if you forget your password, there is currently no way to recover it.

In fact, encryption of Android devices, along with obvious advantages, also has significant disadvantages:

  1. Imagine that every time you want to make a call you have to enter a complex password. I wonder how long it will take for you to get tired of it?
  2. You will not be able to decrypt an encrypted device; this is simply not provided. To decrypt, there is only one way - to reset the phone to factory settings. In this case, of course, all your data will be lost. This will look especially interesting if you forget to make a backup copy first.

Thus, today there is a difficult choice - either you encrypt your device and put up with huge inconveniences, or you get ease of use, but at the expense of security. Which path will you choose? I don't know. Which path would I choose? I can’t answer either. I just don't know.

Vladimir BEZMALY, MVP Consumer Security, Microsoft Security Trusted Advisor