1

I live in a country that is not fully authoritarian but is increasingly illiberal. State agencies have been caught misusing spyware to target activists and dissidents on multiple occasions. Given the kind of work I do, my threat model is that while it is unlikely that I would be targeted by a Pegasus-style targeted spyware attack, it is certainly not impossible. However, rather than a supply chain or physical device attack, the most likely vector for me would be some kind of remote vector attack. I have no evidence as yet that I have been targeted.

I have a choice at present. I am tempted to just physically get a new phone frequently - perhaps once a year or less - in the hope that that will ensure that if my device is compromised it will at least soon be replaced. Of course however this costs money.

On my present device, I have been using LineageOS in the hope that this will ensure more regular updates. Unfortunately for me :), Lineage discontinued my device soon after I acquired it, so it is still on Android 9 (Lineage 16). Recently however I've discovered that crdroid lists my device as officially supported and has official releases all the way to Android 11 available.

So I want to ask - if I reflash my phone with crDroid, how likely is it that any malware / spyware would be able to survive that? I know baseband OS hacks can survive reflashing, but I had the impression that most such hacks require physical access. Overall, is it safer to simply get a new phone?

user251709
  • 11
  • 2

3 Answers3

2

As long as your blootloader is unlocked, a spyware that has gained privilege escalation on your device can keep itself persistent across custom ROMs. Custom ROMs only flash /system and /boot partition. Some custom ROMs also flash /vendor partition. Other partitons like /radio, /misc, /persist and ODM partitons remain untouched by aftermarket development.

In locked bootloader, if vulnerabilities are not in Android Verified Boot (AVB) and SoC's secure boot, tampering with system and bootloader will brick the device on next reboot. To prevent the device from getting bricked, spyware apps gain temporary root after each reboot and these ones can be removed by factory reset of device or just by uninstalling the identified spyware.

Custom ROMs can deliver security updates for android framework only. OEMs also deliver security updates for underlying Linux kernel, drivers & firmwares, bootloader and Trusted Execution Environment (TEE). Known vulnerabilities in vendor components cannot be patched if OEM has dropped support for your device. Don't use custom ROMs that don't enforce SELinux. There is already an exploit to gain root in SELinux permissive mode | Explanation. SELinux permissive doesn't block processes for violating SELinux policies. It only reports them.

Another option is to use custom AVB which is only supported by Pixel and OnePlus. Custom AVB allows relocking of bootloader but with custom root of trust. This will ensure integrity protection of your custom ROM while also receiving security updates for android framework.

defalt
  • 6,851
  • 3
  • 26
  • 40
0

Firmware installed on chips itself always carries the risk that it remains even after reflashing. There was a talk on some emmc firmware hacking for smartphones:

https://media.ccc.de/v/34c3-8784-emmc_hacking_or_how_i_fixed_long-dead_galaxy_s3_phones

pyurdkb
  • 1
-2

There is an app called 'fileshredder' on PlayStore which shreds you're device's storage and fills it with 0's. Which I think is enough to remove any malware or file.

mrlova
  • 1
  • 3