Hello. Recent Lifehacher article [1] rose a privacy-related question in my head -- how to protect user personal data if phone is stolen?
First of all - I assume that phone was stolen for it's physical contents (and not to steal your data), so attacker will likely just to turn it on, and won't attempt any more sophisticated type of attack. What could be done to prevent such attacker from obtaining of e.g. my saved browser sessions? Personally I can see three easy ways of protection (aka without entry of additional passwords and physically connection of key-congaing storage devices). Both include have having some kind of encrypted file system image stored in phone file system. Of course it should use key-based encryption, so the main challenge is to provide easy way to enter key (without need to remember any new meaningless number-digit mumbo-jumbo "password"). 1) Auth using PIN number (this requires encrypted image presence in phone file system by it's boot time end -- not reallyl convenient if SD card is used). 2) Auth using key file accessible on network (when phone is connected to your computer or local network). This means that auth can be performed only in your place (home, work...). 3) Auth using presence of another bluetooth or WiFi device (the MAC address of this device is used as key). This means that phone fully unlocks when your bluetooth mouse or router are around. ;) AFAIK the best way to use such encrypted data in device like mobile phone (taking in account that any kind of encryption requires processor and processor requires electricity), it would be nice to create temporary file system in phones' RAM, copy encrypted data to it (during the copy also unencrypting it) and make applications to use data from RAM while operating the phone. But how to sync data from RAM back to encrypted file system? By the way, I'm writing this mail just to ask - does anyone has any other ideas or proposals? Or, maybe, it is already implemented, tested and I'm inventing bicice? [1] http://lifehacker.com/393336/protect-your-stolen-mobile-phone _______________________________________________ Openmoko community mailing list [email protected] http://lists.openmoko.org/mailman/listinfo/community
