xmikos / SnooperStopper

Android device encryption password manager and failed unlock attempts monitor
GNU General Public License v3.0

[feature-request] auto-shutdown if USB connected to locked device #5

Closed bungabunga closed 8 years ago

bungabunga commented 9 years ago

I think Android lacks this security feature. Let's say you're at customs at the airport, they want your phone unlocked to search it but you're not willing to comply. They take your phone away from you to connect it to their computer via USB to try to hack it. The moment the USB connection to the phone is made, it shuts down. They go furious, you PROFIT.

I tried to automate this behaviour through different tasker apps on different devices with occasional success, but I think this feature would maybe fit into your app.

Thanks!

xmikos commented 9 years ago

Nice idea! But I am not sure if this is really needed. If you have USB debugging enabled, the device should not connect with a previously unpaired adb without authorizing its key. And you couldn't really hack the device through the simple MTP file transfer protocol. Or do you have some specific case in mind where this will be essential?

xmikos commented 9 years ago

I have now tested it, and if you connect your phone to a PC with your screen locked, you can't see any files over MTP. Files are visible only after you unlock your screen.

bungabunga commented 9 years ago

I know that. I've been reading about hacking PCs through USB, FireWire... to get the disk encryption master key even when locked. I am not a dev so I really don't know, I only thought that it's possible to hack Android the same way via different exploits. You can close this issue if you think that's not the case.

PS - another silly idea! What about a feature to set a fake PIN, which would immediately shut down Android when entered?

xmikos commented 9 years ago

Devices connected via FireWire have direct access to system memory (DMA), so they can do nearly anything (e.g. get root access, extract decryption keys from memory, etc.). But this is not the case with USB (it doesn't support DMA). There can potentially be some exploitable bugs in the adb server (if you have USB debugging enabled) or in the MTP service, but both are open source and can be audited.

But there can also be bugs in the lockscreen itself (which would allow an attacker to bypass password/PIN/pattern - like this one from not so long ago, which affected only the password prompt, not the PIN/pattern prompt).