webOS Nation Forums >  webOS Discussion >  webOS Discussion Lounge > FCC releases Smartphone Security Checker
FCC releases Smartphone Security Checker
  Reply
Like Tree2Likes
  • 1 Post By GMMan
  • 1 Post By GMMan

 
Thread Tools Display Modes
Old 12/23/2012, 06:15 AM   #1 (permalink)
Member
 
Posts: 75
The FCC released a customizable smartphone security checker today that gives you the top 10 things you can do to secure your phone's OS. Here's the link:

http://www.fcc.gov/smartphone-security

Not surprisingly WebOS is not on the list. I'm thinking that the community should release our own top 10 things that WebOS fans can do to secure their phone. Any takers?
mjensen71 is offline   Reply With Quote
Old 12/23/2012, 08:25 AM   #2 (permalink)
Member
 
xandros9's Avatar
 
Posts: 911
Quote:
Originally Posted by mjensen71 View Post
The FCC released a customizable smartphone security checker today that gives you the top 10 things you can do to secure your phone's OS. Here's the link:

http://www.fcc.gov/smartphone-security

Not surprisingly WebOS is not on the list. I'm thinking that the community should release our own top 10 things that WebOS fans can do to secure their phone. Any takers?
well currently we have pretty strong security through obscurity.

I guess turning off Dev Mode is a step.
xandros9 is offline   Reply With Quote
Old 12/23/2012, 08:48 AM   #3 (permalink)
Member
 
Posts: 75
Great start! Thanks Xandros9. I guess enabling a pin for your start up screen would be another security feature.

Once we've got a list maybe I'll edit the OP with a top 10 list.
mjensen71 is offline   Reply With Quote
Old 12/23/2012, 02:40 PM   #4 (permalink)
Member
 
GMMan's Avatar
 
Posts: 2,136
Quote:
Originally Posted by xandros9 View Post
well currently we have pretty strong security through obscurity.

I guess turning off Dev Mode is a step.
Actually it's impossible to make webOS impenetrable as long as there's physical access. Dev Mode can be enabled by booting from installer ramdisk and adding the novacom marker back in. PIN lock can be disabled by removing the file with the encrypted PIN. The PIN itself can be decrypted if the encryption key is known (it involves a constant, and maybe the nduid, which is easily obtainable). webOS CE has the PIN lock algorithm changed into a hash, so at least that's a bit more secure. (The PIN is, if it exists, used by Key Manager to decrypt account credentials.)

The DB and file cache partitions are encrypted, but they're only somewhat secure if the device itself was not operational.

So the most physically secure devices would be a TouchPad Go (no public Doctor), and a device running Luna CE (hash instead of reversible encryption). For all other devices, credentials can't be read, but existing data can still be read.
__________________
Contact: @GMMan_BZFlag (me on Twitter)
webOS Releases: Change your App Catalog country: TouchPad/PC | TouchPad/webOS Resources | Search suggestion patch for browser | Cycling Email Notifications | Don't Doctor! Make a good support request. | How to post logs | webOS Charge Monitor
GMMan is offline   Reply With Quote
Liked by dignitary likes this.
Old 12/23/2012, 07:20 PM   #5 (permalink)
Member
 
Posts: 75
Wow GMman, I'd heard WebOS wasn't very secure but I didn't realize just how porous it is. What about remote erase if you lose your phone? Can that be easily bypassed or defeated?
mjensen71 is offline   Reply With Quote
Old 12/23/2012, 07:59 PM   #6 (permalink)
Member
 
GMMan's Avatar
 
Posts: 2,136
Quote:
Originally Posted by mjensen71 View Post
Wow GMman, I'd heard WebOS wasn't very secure but I didn't realize just how porous it is. What about remote erase if you lose your phone? Can that be easily bypassed or defeated?
At least on the TouchPad, it uses a service for wipe verification. Supposedly if the service is deleted the device can't wipe. However, the service is only a component, and I haven't looked into the entire system.
__________________
Contact: @GMMan_BZFlag (me on Twitter)
webOS Releases: Change your App Catalog country: TouchPad/PC | TouchPad/webOS Resources | Search suggestion patch for browser | Cycling Email Notifications | Don't Doctor! Make a good support request. | How to post logs | webOS Charge Monitor
GMMan is offline   Reply With Quote
Liked by dignitary likes this.
Old 12/23/2012, 08:34 PM   #7 (permalink)
Member
 
Remy X's Avatar
 
Posts: 1,381
Quote:
Originally Posted by mjensen71 View Post
Great start! Thanks Xandros9. I guess enabling a pin for your start up screen would be another security feature.

Once we've got a list maybe I'll edit the OP with a top 10 list.
Enabling a PIN can be an issue in itself due to a bug that can cause the phone to wipe itself when it gets bumped a few times in the user's pocket. So, tread carefully
Remy X is offline   Reply With Quote
Reply

 

Thread Tools
Display Modes



 


Content Relevant URLs by vBSEO 3.6.0