Sending mobile to Mazuma without resetting it

DocQuincy

I have a broken Samsung S8 that Masuma will give me £110 for. The screen is broken that flashes with a green hue and you can just about make out what is on the screen. The home button is also completely stuck in.

S8s are encrypted by default. My password isn't that strong (I wanted something easy to enter) but is much stronger than a simple PIN. It is ten characters but only made up of a-z0-9.

While there is nothing massively sensitive on there I used the phone for work (I am self-employed) and what with all the noise made over the GDPR I am just being cautious about this.

The screen is too bad to be able to enter the password and do a reset as the keyboard flickers and jumps around.

I plugged it into a laptop I have running Fedora and an option came up to format it. Nothing happened when I clicked it though although it possibly did something as now when you boot it it gets locks in an Android loading screen then goes to a utilities menu. I can just about get it to the option to reset using the volume keys but can't select it since the home button is stuck. The phone definitely did not get formatted though as it wasn't plugged in for long enough.

If I send it in as is what is the likelihood I that the data could be read? I know a little bit about encryption since I am a programmer and have used the Open SSL and mcrypt libraries before but am no expert in Android.

It looks like online attacks are now out since you can't enter the password; besides after a few failed attempts the phone makes you restart anyway. From what I've read doing an offline attack on the phone's hard drive is going to be hard since the password is salted with a cryptographically secure key (I would presume at least 128 bits). So to decrypt it you would either need to know the actual encryption key (never going to happen) or the key the password is salted with and the password (also never going to happen).

I know that Mazuma mobile are likely a reputable company and don't have the time or inclination to decrypt the storage, there is no incentive for anyone to go through the trouble of decrypting it and that the scenario I am presented with is the same as losing the phone. I guess I just wanted reassurance that my technical assumptions are correct and the data is prohibitively difficult for anyone to get access to. There is no SD card or additional storage, just the main phone storage.

Thank you.

Undervalued

DocQuincy wrote: »

I have a broken Samsung S8 that Masuma will give me £110 for. The screen is broken that flashes with a green hue and you can just about make out what is on the screen. The home button is also completely stuck in.

S8s are encrypted by default. My password isn't that strong (I wanted something easy to enter) but is much stronger than a simple PIN. It is ten characters but only made up of a-z0-9.

While there is nothing massively sensitive on there I used the phone for work (I am self-employed) and what with all the noise made over the GDPR I am just being cautious about this.

The screen is too bad to be able to enter the password and do a reset as the keyboard flickers and jumps around.

I plugged it into a laptop I have running Fedora and an option came up to format it. Nothing happened when I clicked it though although it possibly did something as now when you boot it it gets locks in an Android loading screen then goes to a utilities menu. I can just about get it to the option to reset using the volume keys but can't select it since the home button is stuck. The phone definitely did not get formatted though as it wasn't plugged in for long enough.

If I send it in as is what is the likelihood I that the data could be read? I know a little bit about encryption since I am a programmer and have used the Open SSL and mcrypt libraries before but am no expert in Android.

It looks like online attacks are now out since you can't enter the password; besides after a few failed attempts the phone makes you restart anyway. From what I've read doing an offline attack on the phone's hard drive is going to be hard since the password is salted with a cryptographically secure key (I would presume at least 128 bits). So to decrypt it you would either need to know the actual encryption key (never going to happen) or the key the password is salted with and the password (also never going to happen).

I know that Mazuma mobile are likely a reputable company and don't have the time or inclination to decrypt the storage, there is no incentive for anyone to go through the trouble of decrypting it and that the scenario I am presented with is the same as losing the phone. I guess I just wanted reassurance that my technical assumptions are correct and the data is prohibitively difficult for anyone to get access to. There is no SD card or additional storage, just the main phone storage.

Thank you.

I think that is the key point. You were happy to carry the phone around and could have lost it or had it stolen at any point so you are already one or two steps better than that.

Ultimately are you prepared to accept any slight remaining risk for £110 or do you smash the phone into a thousand pieces?

If you go for the second option you can download a guide from GCHQ about how small the remaining pieces should be!!!

DocQuincy

If you go for the second option you can download a guide from GCHQ about how small the remaining pieces should be!!!

Ha ha! I know I am probably being overly cautious but I don't think that's a bad thing sometimes. I think you are right though.

If anyone who is clued up on the encryption in Android I would be interested to hear.

Undervalued

DocQuincy wrote: »

Ha ha! I know I am probably being overly cautious but I don't think that's a bad thing sometimes. I think you are right though.

If anyone who is clued up on the encryption in Android I would be interested to hear.

Actually, I am not joking, you really can! It gives similar details about hard disks, CDs DVDs etc.

DoaM

Can you not plug your phone into your PC and reset the phone via Samsung's interface utility? (Might be Windows only, so you might need a PC running Windows).

forgotmyname

Undervalued wrote: »

Actually, I am not joking, you really can! It gives similar details about hard disks, CDs DVDs etc.

Seen that a long time ago, security specialist said the CD or hard drive platter they put through the shredder was not a problem. They could easily read the data off the particles.

Trying to think at what point does odin give you access to the phones data?

DocQuincy

Actually, I am not joking, you really can! It gives similar details about hard disks, CDs DVDs etc.

I didn't know that, I assumed you were joking!

Frozen_up_north

Will you get the expected amount with a broken screen and home button? These buyers are well known for grumbling over the most minor scratches, knocking the price down significantly on receiving it.

DocQuincy

Can you not plug your phone into your PC and reset the phone via Samsung's interface utility? (Might be Windows only, so you might need a PC running Windows).

To be honest I've only ever used Linux's built in MTP to manage files so I never really thought of this but it is a good suggestion.

When I've used Kies in the past though it, for obvious security reasons, won't do anything until you unlock your phone with your passcode. However, it's worth I try. I do have Kies installed on a old machine at home. I will try later on and let you know!

DocQuincy

Will you get the expected amount with a broken screen and home button? These buyers are well known for grumbling over the most minor scratches, knocking the price down significantly on receiving it.

That's the main pro of Mazuma. They offer a price for fixed and one for broken, guaranteed.

The criteria for faulty is:

Each device should:
• Include its battery (you can keep memory card, charger, etc)
• Be intact - not crushed, bent or snapped in half
• Not have any missing parts or components
Faulty examples: Water damaged, Broken/bleeding LCD (screen), blank display, no power up, faulty/cracked touch screen, faulty operating system, etc

DoaM

Do you already have a new phone?

How much would it cost to fix the S8?

How much would you likely get for a working S8?