Hi,
How does Graphene OS secure the phone from physical malicious access, such as rubber ducky etc?
Thanks
Figuroz You can disable the possibility to allow new USB devices while the device is locked.
You're mistaken. It says that:
"The purpose is reducing attack surface for a locked device with active login sessions to user profiles to protect data that's not at rest"
And specifically states that:
"A USB device already connected at boot will still work."
So, I'm really worried about this one.
Figuroz Connecting the device during boot doesn't pose a threat to your data, because at that point, all of your data is encrypted at rest before the first unlock.
The threat model of that feature is to make it so someone can't connect a device to your phone while it's locked and data is not at rest. This doesn't come into play until you unlock your phone the first time after a reboot.
The moment you reboot, the data is at rest again until you unlock it once more etc.
GrapheneOS also provides the auto reboot feature for this exact reason. You can have the phone reboot after a set amount of time to place your data back at rest.
Furthermore, on GrapheneOS, you can "end session" for secondary user profiles while the device is still running to put that profile's data at rest without having to fully reboot the entire device.
We're talking about different things here, I think.
Securing data is not my concern here. Physical access to the device can pose many security threats. I just didn't find anything that specifically talks about this (or I missed it?).
Figuroz How does Graphene OS secure the phone from physical malicious access, such as rubber ducky
The attacker would have to have your phone and need your passcode. Otherwise they can't access anything. Before boot the phone is encrypted, so if you insert your Rubber ducky, it cannot access encrypted data, and if you boot the system, you still need that passcode so that the Rubber ducky could get something. If you have a phone and passcode, you don't need the Rubber ducky, and if you don't have the phone and passcode, the user wouldn't (I hope) unlock the phone with a USB device connected.
If you have a Rubber ducky, you can simulate it yourself.
And if the OP is worried about a malicious USB device exploiting a potential vuln and persisting malware on the phone before it boots, verified boot helps with that: the phone won't boot if firmware is not properly signed.
More concerning than having someone take your phone and trying to break into it, is someone coercing you into unlocking it and THEN taking it and trying to break into it. Coercion in this circumstance can be in multiple forms, such as threat of physical violence (typically thugs), or threat of legal action (typically government in certain jurisdictions).
I generally believe that there should be options for (a) data self-destruct, and (b) loading a decoy profile and removing any indicator of there being other profiles. These could be triggered by a special PIN/passcode/fingerprint.