So I have a debate in my head right now about how I should handle devices stored unattended in vehicles. The criteria:

  • Devices have new versions of Android
  • Pass phrases or many-digit PINs are used
  • Biometric login is set up (but can’t be used in Lockdown Mode)
  • Have Bitwarden installed with biometric auth for the vault
  • Has SSH keys on the device

I’m not worried about nation state attacks, but am considering the vector of a tech savvy thief, and want to keep SSH keys and other device data secure. Assume they cannot be stored in a vault.

Is storing the phones on but in Lockdown mode enough, or should I turn them off completely? Off would be super annoying to wait for boot every time, but I’m not totally sure how KEK works for an encrypted device with biometrics set up but in Lockdown Mode where they are disabled.

  • Moonrise2473
    3 days ago

    Tech savvy thieves will just use their knowledge to wipe the phone and flip it quickly for a tenth of what you paid for it; won’t try to extract keys from RAM