Thursday, March 14, 2013

Researchers can crack Android Security By Freezing you phone

In a rather scary, yet highly surprising way researchers have found a flaw in Android's security.  Researchers at Friedrich-Alexander University in Germany have discovered a highly unusual method for cracking the security encryption on Android Phones...Sticking them in the freezer. 

According to the team it even works in part on fully encrypted Android devices that have locked bootloaders.  Naturally the name of their toolkit for the exploit is "FROST" for Forensic Recovery Of Scrambled Telephones.

"Scrambled telephones are a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut any chance other than brute force is lost to recover data," the FAU team said.

At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks.

Problem is, information stored in RAM remains present for much longer at lower temperatures...which means it's possible to access decryption keys in the phone's memory if done quickly enough.

Researchers found that by chilling a well-charged phone down to about minus 10 degrees Celsius, then turning it off and back on again as fast as possible and booting into recovery mode, data like web history, contacts, and photos can be plucked from the device using their custom software. 

If the phone has an unlocked bootloader, the software can even pull encryption keys from ram, allowing full access to internal storage.

My recommendation, make sure you don't have any photos on your phone you don't want your wife to see...

No comments :

Post a Comment