Samsung Privacy-Protecting Maintenance Mode Is Coming To Galaxy S22s Worldwide (theverge.com)
Samsung is starting to roll out a "Maintenance Mode" feature for its phones that's designed to keep your messages, photos, info, and accounts safe when you're getting your phone repaired. The Verge reports: According to Samsung's press release, Maintenance Mode basically creates a separate user account that will let someone access "core functions" of the phone without being able to see any of your data. That means a repair tech will still be able to test your phone, but you won't have to worry about them seeing anything they shouldn't. Once you get your phone back, you can unlock it to turn off Maintenance Mode, which will also undo anything that was done while the phone was being repaired (e.g., test photos will be erased, new apps will be uninstalled, and settings changes will be reversed).
Samsung says the feature will be "gradually rolling out over the next few months" to select phones running the Android 13-based One UI 5 -- if you want an idea of when your phone might be getting that update, check out this article. It'll also roll out to "more Galaxy devices" throughout next year. The company does warn, however, that the "timing of availability may vary by market, model and network provider," as updates can take a while to filter through carriers.
Valet Key (Score:3)
Better to back up and reset the device if unsupervised repair is required.
Re: (Score:2, Informative)
In this case, it's encryption that protects you. And unless they screw it up (which is to be fair completely possible) it's pretty good, too. The tech can wipe your data, but can't see it... assuming they're using functionality already in Android.
Re: (Score:2)
And unless they screw it up (which is to be fair completely possible) it's pretty good, too.
*Dons tinfoil hat* Or there's an intentional backdoor built in. *Removes tinfoil hat*
The tech can wipe your data, but can't see it... assuming they're using functionality already in Android.
I seem to recall they implemented the "wipe your data" functionality for this exact reason. To prevent personal data from leaking to a third party when the phone wasn't in the owner's possession. Which, if I'm remembering correctly, involved encrypting the user data partition with a unique per user key. Then wiping the key when requested. (The lack of a full wipe was to prevent wear and tear of the flash chip.)
If this n
Re: (Score:2)
The classic "evil maid" attack comes to mind. Yes, the phone may be in a secured state, but if someone is able to bypass Knox and install something (perhaps via a Magisk-like mechanism), they can probably get the password or PIN later on.
If a phone needs repair, and I am able to, I just nuke the thing completely. Makes it less stress for the repair guy anyway when they realize there is no information of value on the device they need to worry about.
Re: (Score:2)
But still, resetting your phone won't do much if your SSD wasn't encrypted to begin with. Repair techs will be able to recover them, that's their job.
They know how to do that stuff.
Re: (Score:2)
But still, resetting your phone won't do much if your SSD wasn't encrypted to begin with. Repair techs will be able to recover them, that's their job.
Virtually all android phones are encrypted by default these days, the functionality was introduced in Android 6 in 2015. In between there were a bunch of devices for which you had to turn it on, but at least it was there.
Re: (Score:2)
I think the rule is anyone with physical access to your device can get to anything
It certainly is here on Slashdot, where the concept of disk encryption with keys stored in a trusted core such as, say, a TPM scares people more than an abortion doctor scares a Republican senator.
This needs to be in AOSP... (Score:3)
This type of functionality needs to be in Android itself, as well as via the device makers. Right now, modern Android phones use file based encryption (something on F2FS, ext4, or eventually btrfs since it has fscrypt added recently). A few generations ago, Android used dm-crypt to encrypt the /data partition, but file based encryption allows the phone to work and access sections of the filesystem.
The big problem with this maintenance mode is concern about an evil maid attack: something put in that might not be factored into the TEE boot process, but gets injected to snarf the user's password. After that, the executable could set the key aside on the local device, or send it to a server via an HTTPS GET request. How does one know the device is still in a secure state after maintenance mode is done, unless there is some assurance that the phone's TPM isn't going to allow userdata to be accessed? Even with this, one might be able to obtain metadata about user files, which could be something quite useful.
Overall, this is a positive security step. At least it allows some security, and it would be nice if AOSP supported this, so other phone makers could hop on this bandwagon.
Of course, having a universal dump/backup mechanism would be nice as well, so one could dump a phone to USB OTG or via ADB an encrypted backup, wipe the phone, then restore the backup, just for far more assurance that no private data would fall into the wrong hands.
Re: (Score:2)
It's mostly aimed at stopping random technicians who do screen and battery replacements from snooping on your data. It isn't designed to protect against the kinds of sophisticated attacks you describe, which would need zero day vulnerabilities to execute.
Re: (Score:2)
Right now, modern Android phones use file based encryption (something on F2FS, ext4, or eventually btrfs since it has fscrypt added recently). A few generations ago, Android used dm-crypt to encrypt the /data partition, but file based encryption allows the phone to work and access sections of the filesystem.
Android has supported encrypted volumes for five versions now. Formats are carried out by forgetting the key.
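The per-user key and wipe-by-forgetting-the-key model that the comments above describe (the earlier reply's "unique per user key ... then wiping the key", this reply's "formats are carried out by forgetting the key", and the maintenance-mode account being a separate user) can be made concrete in a small model. The code below is an added illustration and is not Android, Samsung or any commenter's code. It assumes a stdlib-only cipher (an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag) standing in for fscrypt's AES, a made-up file path and user IDs, and master keys held in process memory rather than in the TEE; only the key structure is meant to mirror file-based encryption.

```python
"""Model of Android-style file-based encryption (FBE) with crypto-erase.

Added illustration, not Android or Samsung code. Real fscrypt uses AES-256
with keys held by the kernel and wrapped by the user's credential in the
TEE; here the cipher is a stdlib HMAC-SHA256 stream with an encrypt-then-MAC
tag so the example runs anywhere. What matters is the shape: one master key
per user, per-file keys derived from it, and a "wipe" that only discards the
master key while the flash contents stay exactly where they were.
"""
import hashlib
import hmac
import secrets


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract with the salt, then expand with the info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stand-in for AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = hkdf(key, b"", b"enc"), hkdf(key, b"", b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key fails here without leaking any plaintext."""
    enc_key, mac_key = hkdf(key, b"", b"enc"), hkdf(key, b"", b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class FbeUser:
    """One Android user (the owner, or the maintenance-mode account) with its own master key."""

    def __init__(self, user_id: int):
        self.user_id = user_id
        self._master = secrets.token_bytes(32)  # assumption: kept in RAM; really TEE-wrapped
        self.files = {}  # path -> (file_nonce, sealed blob): this is what sits on flash

    def write(self, path: str, data: bytes) -> None:
        file_nonce = secrets.token_bytes(16)
        file_key = hkdf(self._master, file_nonce, b"file-key")  # per-file key, as in fscrypt
        self.files[path] = (file_nonce, seal(file_key, data))

    def read(self, path: str, master: bytes = None) -> bytes:
        """Read with this user's key, or with a supplied key (what a tech holding another
        account's key would try against the raw flash contents)."""
        master = self._master if master is None else master
        if master is None:
            raise PermissionError("master key has been discarded; data is unrecoverable")
        file_nonce, blob = self.files[path]
        return unseal(hkdf(master, file_nonce, b"file-key"), blob)

    def crypto_erase(self) -> None:
        """The 'wipe': no flash writes at all, just forget the key."""
        self._master = None


def demo() -> dict:
    """Walk through owner read, maintenance-account read attempt, and crypto-erase."""
    path = "/data/user/0/DCIM/photo.jpg"  # constructed path, not from the page
    owner, maintenance = FbeUser(0), FbeUser(10)  # constructed user IDs
    owner.write(path, b"private photo bytes")
    results = {"owner_reads": owner.read(path) == b"private photo bytes"}
    try:  # the tech has the flash contents but only the maintenance account's key
        owner.read(path, master=maintenance._master)
        results["maintenance_reads"] = True
    except ValueError:
        results["maintenance_reads"] = False
    owner.crypto_erase()
    results["ciphertext_still_on_flash"] = path in owner.files
    try:
        owner.read(path)
        results["owner_reads_after_erase"] = True
    except PermissionError:
        results["owner_reads_after_erase"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The model shows why the key-discard "format" is cheap and why the separate maintenance account is enough against a tech who just reads the flash: every blob is authenticated under a key the other account never derives. It also shows what it does not cover, which is the evil-maid point raised above: nothing here protects the plaintext once the owner types the credential back in on a device whose software may have been altered.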
Needed For Old Models (Score:2)
Would be a nice to have feature for when they launch their free repair of the #GSOD campaign [youtube.com]