Protection from a soldering iron
Friday, March 13, 2020
Can Dr.Web Anti-theft protect data if JTAG and chip-off techniques are employed to extract it?
A question from a reader who commented on the issue "They will fish out everything"
That's a good question. Let's recall two things before we answer it.
The first is what the Anti-theft can actually do.
Dr.Web Anti-theft locks a device and pinpoints its location if it gets lost or stolen.
Furthermore, Dr.Web Anti-theft can:
- Lock a device upon receiving a corresponding SMS command;
- Reset a device to its factory settings and delete all data from the device's memory;
- Lock a device whenever it is restarted;
- Lock a device if the SIM card is not on the trusted SIM list;
- If an incorrect password is entered 10 times on a locked (note this word!) device:
  - If Dr.Web runs as a device administrator, it will do a factory reset (all installed applications will be removed and all personal data, photos, SMS messages and contact information, as well as the contents of the memory card, will be deleted);
  - If Dr.Web is not set as a device administrator, personal data will be deleted from the device.
In other words, if you didn't lock the device in time and it hasn't been restarted, no personal data will be deleted.
So, you think you have deleted the data. However:
Technically, it is still present in the memory area that has been marked as free storage space.
The data may be marked as deleted, but the actual storage area may not have been cleared (this takes a while).
First, in most cases deleting a file merely removes the link to it or a portion of the file—the storage space is considered to be free, but the data is not removed and will only be overwritten by other data. Numerous data-recovery utilities take advantage of this feature. But even if you write new information on top of the old data or resize the disk partition (or even format the drive!), the old data may still be recoverable. That becomes possible because the previous record remains unrewritten at the edges of the track. To erase the data completely, one needs to comply with specific data storage and removal standards.
That means that the data can indeed be recovered: just arm yourself with a soldering iron and carry on.
Moreover, some data won't even be deleted. That happens because devices determine automatically which storage areas are unusable and stop using them. But the data that has previously been written into those areas persists.
The eMMC controller writes data into NAND memory cells. When a cell wears out, it is marked as unusable, but the information that has been written into it won't be erased. This in turn means that unusable cells will store your data forever. If it wasn't encrypted beforehand, there is no way to protect it afterwards.
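The behaviour described above, as an added example that is not part of the original article: a constructed toy model of an eMMC controller showing that a deleted file and a retired cell both survive in a raw dump of the chip, while data encrypted before it was written stays unreadable. The class `ToyEmmc`, the key and the secret are hypothetical, and the SHA-256 keystream is only a stand-in for real storage encryption.

```python
import hashlib

ERASED = b"\xff" * 16  # an erased NAND block reads back as 0xFF

def keystream_xor(key, block_no, data):
    """Stand-in for storage encryption (SHA-256 keystream); not a production cipher."""
    pad = hashlib.sha256(key + block_no.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class ToyEmmc:
    """Constructed model: logical blocks are mapped onto physical NAND blocks."""
    def __init__(self, physical_blocks=8):
        self.nand = [ERASED] * physical_blocks  # what a raw chip read returns
        self.map = {}                           # logical -> physical block
        self.retired = set()                    # worn-out blocks, never used again
        self.free = list(range(physical_blocks))

    def write(self, logical, data):
        phys = self.free.pop(0)
        self.nand[phys] = data.ljust(16, b"\x00")[:16]
        self.map[logical] = phys

    def wear_out(self, logical):
        # Controller retires the worn block and rewrites the data; the old copy stays.
        old = self.map[logical]
        self.retired.add(old)
        self.write(logical, self.nand[old])

    def delete(self, logical):
        # Deleting a file only removes the link; the cells keep their content.
        self.map.pop(logical)

    def factory_reset(self):
        # Erases every block still in service; retired blocks are skipped.
        self.nand = [b if i in self.retired else ERASED for i, b in enumerate(self.nand)]
        self.map.clear()

def chip_off_finds(dev, needle):
    """True if a dump of all physical blocks contains the plaintext needle."""
    return any(needle in block for block in dev.nand)

def scenario(encrypt):
    key, secret = b"constructed-key", b"PIN=4921"  # constructed sample values
    dev = ToyEmmc()
    dev.write(0, keystream_xor(key, 0, secret) if encrypt else secret)
    dev.wear_out(0)
    dev.delete(0)
    after_delete = chip_off_finds(dev, secret)
    dev.factory_reset()
    return after_delete, chip_off_finds(dev, secret)
```

`scenario(encrypt=False)` reports the plaintext as recoverable both after deletion and after the factory reset, because the retired block is never erased; with `encrypt=True` neither dump contains it.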
The Anti-virus Times recommends
Dr.Web Anti-theft can delete data if it receives the corresponding command. Therefore, if you have something to hide (from your competitors, wife, or parents), keep your data encrypted!