If a phone and laptop were in police custody for a few years, should I assume both are irreparably compromised? No charges ever materialized, and the Prosecuting Attorney has now formally declined the charge request. I never provided law enforcement with login credentials. Both devices are encrypted. I can’t find evidence of known BIOS or firmware exploits for the laptop, and I’d wipe the SSD and flash new BIOS and firmware before use. I can’t find any publicly known bootloader exploits for the phone, a Pixel device, and I’d wipe the storage and firmware before use. I don’t recall whether the phone was running GrapheneOS or stock Android (or whether this would make a difference).
Yes, destroy and replace them.
It depends on your threat model.
I assume not, but is there a safe way to retrieve data (plaintext files) from them?
A write blocker would work for that.
That would require decrypting the drives, which may compromise the data they contain if we are assuming the hardware has been compromised.
Right, I am not immediately assuming compromise because no threat model has been explicitly defined yet.
Thanks. With respect to my threat model, my objective risk level is low. However, following this ordeal, my subjective risk tolerance and sense of security are even lower. I’d not heard of write blockers before, which leads me to suspect I’m less qualified to navigate any real or imagined data-retrieval-related risks than I’d believed. The files would be nice to have, but they’re very non-critical. Doesn’t seem worth it - I think I’ll just leave things alone.
Sure, I am glad you were able to reach a conclusion regarding your plaintext file data.