So I have a debate in my head right now about how I should handle devices stored unattended in vehicles. The criteria:
- Devices have new versions of Android
- Passphrases or many-digit PINs are used
- Biometric login is set up (but can’t be used in Lockdown Mode)
- Have Bitwarden installed with biometric auth for the vault
- Has SSH keys on the device
I’m not worried about nation-state attacks, but am considering the vector of a tech-savvy thief, and want to keep SSH keys and other device data secure. Assume they cannot be stored in a vault.
Is storing the phones on but in Lockdown mode enough, or should I turn them off completely? Off would be super annoying to wait for boot every time, but I’m not totally sure how KEK works for an encrypted device with biometrics set up but in Lockdown Mode where they are disabled.
Lockdown mode takes very expensive equipment to bypass.
When you reboot, the user data encryption key is flushed from memory, and your unlock code is necessary to decrypt the KEK (key encryption key) held by the TPM / SE chip (which also applies rate limiting). All common attacks on unpowered devices are brute force with rate limit bypass.
In lockdown mode the KEK stays in memory so app state and user data are there, but the CPU is in a state which prevents access to it until unlocked with your code. There are a few more attacks possible, but most are completely blocked by the fact that USB data connectivity is also disabled in this state. You practically have to open up the device to pull data out.
TL;DR: no ordinary thief will even try.
The bigger risk is having it stolen while unlocked. Make sure you have revocation options ready for keys held on the device.
Thank you, this is what I expected, but wanted to be sure. I do have rotation plans in place, so covered there, too.
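The revocation step mentioned in the thread, as an added example that is not part of the original posts: a Python sketch that drops a lost device's public key from an `authorized_keys` file by its OpenSSH SHA256 fingerprint, including entries that carry options. The key material, comments and file contents are constructed for illustration, and the function names are this example's own.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def parse_blob(line):
    """Return the decoded key blob of an authorized_keys entry, or None.
    Entries may begin with options (even ones quoting a key-type word), so a
    candidate is accepted only if the blob's embedded type matches the token."""
    fields = line.split()
    for tok, blob in zip(fields, fields[1:]):
        if not tok.startswith(KEY_TYPES):
            continue
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        n = int.from_bytes(raw[:4], "big")
        if raw[4:4 + n] == tok.encode():
            return raw
    return None

def fingerprint(raw):
    """Fingerprint in the form `ssh-keygen -lf` prints: unpadded base64 SHA-256."""
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def revoke(authorized_keys, revoked):
    """Split file text into (kept text, removed lines) for a set of fingerprints."""
    kept, removed = [], []
    for line in authorized_keys.splitlines():
        raw = None if line.lstrip().startswith("#") else parse_blob(line)
        (removed if raw is not None and fingerprint(raw) in revoked else kept).append(line)
    return "\n".join(kept) + "\n", removed

def _sample_key(seed):
    """Constructed ed25519-shaped blob for the demo; not a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    raw = s(b"ssh-ed25519") + s(bytes([seed]) * 32)
    return raw, "ssh-ed25519 " + base64.b64encode(raw).decode()

PHONE_RAW, PHONE_PUB = _sample_key(1)
_, LAPTOP_PUB = _sample_key(2)
SAMPLE = "\n".join([            # constructed authorized_keys content
    "# constructed authorized_keys file",
    LAPTOP_PUB + " laptop",
    'no-pty,command="echo ssh-ed25519 x" ' + PHONE_PUB + " phone-in-car",
]) + "\n"

if __name__ == "__main__":
    new_text, removed = revoke(SAMPLE, {fingerprint(PHONE_RAW)})
    print(new_text, end="")
    print("removed entries:", len(removed))
```

Recording each device key's fingerprint when the key is enrolled is what makes this usable after a theft, since the key itself is no longer in hand.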