Remotely lock/wipe SailfishOS?

I’ve searched on this forum and old one and google a bit, and it seems there is no way to remote lock/wipe a lost/stolen phone with SailfishOS (unless a missed something).

This post on the old forum shows a few links of remote management, and Jolla in this blog post acknowledge that the OS supports the feature.

The security related features we’ve been developing into Sailfish 3 include among other things: encrypted user data and communication, new security architecture, remote lock and wipe, fingerprint support, VPN and specifically for corporate users: Mobile Device Management.

Is there any plan to add this feature to SailfishX so regular users can remotely lock/wipe their devices?

And if it requires an MDM, can this be self-hosted/installed so users can install their own management and be able to lock/wipe devices?

These smartphones contains lots of personal and sensitive data (2FA OTP, password managers, personal photos, identify documents, banking apps, etc.). Would be great to be able to wipe the device remotely.
I’ve had family members who got their android phone stolen and we managed to wipe it with Google’s features.

4 Likes

How about ssh to the device and nuke the encrypted user data by zeroing the first sector with dd?
That should be enough :slight_smile:

The SSH port must be publicly reachable for this method. I doubt this will work in 99% of the networks a smartphone is usually connected to (including mobile data).

That’s true for IPv4 providers, but most IPv6 capable carriers (at least in civilized countries) will give you publicly routable address.

If you are stuck on a carrier that only gives you an address behind a nat you can counter that with a script that uses for example cron to establish a reverse ssh tunnel at regular intervals and waits if there are pending connections.

NAT is just one issue, another are blocked incoming ports.

There is a specification for MDM, and some use smart messages through SMS.
But these requires a client on the phone (integrated in the OS or 3rd party), which have full rights to lock or wipe it out.

If Jolla already build something in the OS (as stated in the blog)?, then the better route is to use it or make it available on SailfishX.

In case it’s of interest, the documentation for the MDM API can be found here: https://sailfishos.org/develop/docs/sailfish-mdm/ with the device lock part likely being of most relevance.

This API is intended for use by an MDM client running on the device in the way you describe, so this isn’t a full solution to what you’ve asked for on its own.

It wouldn’t be hard, I think, to write a simple client just for device locking that uses the Sailfish::Mdm::DeviceLock API to remotely lock the device. Without a full MDM solution, it could just periodically access a remote URL you control to check whether it should do anything. I’m not aware of any apps that do this already though.

2 Likes

Thanks a lot :smiley_cat: , don’t know why I didn’t look at the docs. But that’s great thanks.

I’ll have a look at it and try to write something up. Maybe a Devember challenge in February.
I’ve found an open source MDM server (probably there is more) but not sure if they can be used to control a custom client. I’ll explore them too.

1 Like

There’s some interesting scope with the MDM API for this kind of thing, and I feel like it’s crying out for a community app to make the most of it. I’d love to see the results of your work.

A Fevruary… Debruary… Febeloper challenge… Coming up with these names is harder than it looks.

3 Likes

Hopefully I’ll start looking on this during my work break in mid February.