Idea: Reboot before attempting unlock.

IguanaDagger

The user reboots their phone before entering credentials on first unlock, ensuring a clean state. Don't think it can be added as a feature, since any requirement to reboot enforced in software can be bypassed on compromise.

Just to throw this idea out there. Originated as a brain fart. Might be useful if compromise suspected, or may be best practice for high security. Highly unlikely though, I think.

raccoondad

IguanaDagger "The user reboots their phone before entering credentials on first unlock"

BFU mode is started after a reboot already, memory is cleared during reboot

IguanaDagger

raccoondad Yes. However, the device could be compromised between boot and entering credentials. Scenario: phone was stolen, auto-rebooted and then attacker compromised phone via exploitation. Rebooting could ensure the phone starts in a clean state, if the payload, somehow (if possible) placed in persistent storage, does not reapply exploit on each boot.

raccoondad

IguanaDagger If an attacker could do remote execution on BFU then there are probably bigger issues that a reboot cannot fix. for example, I imagine they could infect unencrypted portions of the user data (such as application data) that would be persistent and executed.

I just feel like this is more security theater than actual exploit mitigation since remote code execution in this situation is sort of a killing force. If you are able to sideload a virus then it doesn't really matter if the exploit itself is cleared after reboot