In a rather scary, yet highly surprising way researchers have found a flaw in Android's security. Researchers at Friedrich-Alexander University in Germany have discovered a highly unusual method for cracking the security encryption on Android Phones...Sticking them in the freezer.
According to the team it even works in part on fully encrypted Android devices that have locked bootloaders. Naturally the name of their toolkit for the exploit is "FROST" for Forensic Recovery Of Scrambled Telephones.
"Scrambled telephones are a nightmare for IT forensics and law
enforcement, because once the power of a scrambled device is cut any
chance other than brute force is lost to recover data," the FAU team
said.
At the end of 2011, Google released version 4.0 of its Android operating
system for smartphones. For the first time, Android smartphone owners
were supplied with a disk encryption feature that transparently
scrambles user partitions, thus protecting sensitive user information
against targeted attacks that bypass screen locks.
Problem is, information stored in RAM remains present for much longer at lower temperatures...which means it's possible to access decryption keys in the phone's memory if done quickly enough.
Researchers found that by chilling a well-charged phone down to about minus 10 degrees Celsius, then turning it off and back on again as fast as possible and booting into recovery mode, data like web history, contacts, and photos can be plucked from the device using their custom software.
If the phone has an unlocked bootloader, the software can even pull encryption keys from ram, allowing full access to internal storage.
My recommendation, make sure you don't have any photos on your phone you don't want your wife to see...
Thursday, March 14, 2013
Wednesday, November 21, 2012
A big thank you to Jazee's Microblog
I would just like to say thank you to Jazee's for the helpful post. My Gmail account was recently hacked and required a password change and a little tighter lock down. Seems like a simple thing yet turned in to a big hassle. After changing the password on the computer and updating some of the Gmail security settings I went to update the password on my android phone, I typed in the password and hit submit, the software quickly rejected it. Attempted another password change in case I picked something too long, still rejected. Dug deep on the internet and found Jazee's post. If I understand it correctly I locked down Gmail so tight even my android phone couldn't log in. So anyone struggling with this issue I highly recommend the link below.
[Solved] Samsung GALAXY Tab 10.1 — My phone is not accepting my Google Account/Email username and password
Tuesday, May 29, 2012
Improve Android Battery Life by Changing The Way You Charge
With the introduction of smart phones we quickly saw battery life drop to only a day long if you're lucky. Having your phone die halfway through the day has quickly become the norm. Good news is there's something you can do about it.
After doing some research in to the way Android phones charge I found an interesting quirk. It's has to do with the way the phone tracks the charge level. I've had my phone shut off several times claiming to be dead only to find out when I plug it in it claims to have a 50% or more charge. Research revealed that the phone tracks the battery level in two ways.
1. Part of the Android OS.
2. The phones internal systems.
It appears that the Android OS(At least Android 2.2 in my case) fails on a regular basis to correctly calculate the charge level, in many cases by up to 50%-60% less than it actually is. The good news is there's a charging method that will allow you to get that extra charge.
1. Power down the phone and charge it to 100%(tip: a quick press on the power button while off with show this screen.
2. Don't make the mistake of unplugging at this point. Pulling the plug while the phone is still off results in the shortest battery life possible.
After doing some research in to the way Android phones charge I found an interesting quirk. It's has to do with the way the phone tracks the charge level. I've had my phone shut off several times claiming to be dead only to find out when I plug it in it claims to have a 50% or more charge. Research revealed that the phone tracks the battery level in two ways.
1. Part of the Android OS.
2. The phones internal systems.
It appears that the Android OS(At least Android 2.2 in my case) fails on a regular basis to correctly calculate the charge level, in many cases by up to 50%-60% less than it actually is. The good news is there's a charging method that will allow you to get that extra charge.
1. Power down the phone and charge it to 100%(tip: a quick press on the power button while off with show this screen.
2. Don't make the mistake of unplugging at this point. Pulling the plug while the phone is still off results in the shortest battery life possible.
3. Power on the phone and wait. Letting it sit for about 15-30min allows everything to boot and appears to allow the phone to sync the battery level. I like to power it up when I first wake up and let it sit while I have breakfast, shower, etc.
4. Once the phone is all powered up and ready to go it's safe to unplug and enjoy the charge!
Thursday, March 1, 2012
Living Without 3G Data
The Results
Overall I was happy with the improvement of battery life, going from only about one full day worth of battery to somewhere in the 1-2.5 day range. Not having to listen to the tone in low coverage areas when the 3G dropped out was an added bonus as well. So it sounds like a great improvement right?
The Problem
Only problem with shutting off 3G is none of your apps have access to the internet. This doesn't seem like a problem if the phone is in your pocket right? Thing is, when 3G is turned back on they all have a heyday. So you go to check the weather, your email, or an address quick and you have to fight the apps for data and processing power. Something as simple as checking a price online I found could take up to 10min waiting for the phone to catch up. The worst of them all was actually Gmail, as far as I can tell any time Gmail looses data connection it must sync everything back up, all of your emails, contacts, calendar, etc. This process was the main reason for the slow response anytime you wanted to check something quick.
My Recommendation
Overall the battery life improved dramatically, but the problems didn't make it worth it for me, so it's back to running with 3G. If you're in a bind and need to stretch that battery a while or are in a poor coverage area I highly recommend it, but it's just not practical on a daily basis.
Subscribe to:
Posts
(
Atom
)