Radio Sandwell Miscellanea

Frozen Android phones give up data secrets

2013-03-08 06:12:46

Freezing an Android phone can help reveal its confidential contents, German security researchers have found.

The team froze phones for an hour as a way to get around the encryption system that protects the data on a phone by scrambling it.

Google introduced the data scrambling system with the version of Android known as Ice Cream Sandwich.

The attack allowed the researchers to get at contact lists, browsing histories and photos.

Cold start

Android's data scrambling system was good for end users but a "nightmare" for law enforcement and forensics workers, the team at Erlangen's Friedrich-Alexander University (FAU) wrote in a blogpost about their work.

To get around this, researchers Tilo Muller, Michael Spreitzenbarth and Felix Freiling from FAU put Android phones in a freezer for an hour until the device had cooled to below -10C.

The trio discovered that quickly connecting and disconnecting the battery of a frozen phone forced the handset into a vulnerable mode. This loophole let them start it up with some custom-built software rather than its onboard Android operating system. The researchers dubbed their custom code Frost - Forensic Recovery of Scrambled Telephones.

The Frost software helped them copy data on a phone that could then be analysed on a separate computer.

A chilled phone also helped their hacking project. Data fades from memory much more slowly when chips are cold which allowed them to grab the encryption keys and speed up unscrambling the contents of a phone.

PhD student Tilo Muller told the BBC that the attack generally gave them access to data that had been put in memory as users browsed websites, sent messages or shared pictures.

The researchers tested their attack against a Samsung Galaxy Nexus handset as it was one of the first to use Android's disk encryption system. However, they said, other phones were just as likely to be vulnerable to the attack. The team are planning further tests on other Android handsets.

While the "cold boot" attack had been tried on desktop PCs and laptops, Mr Muller said the trio were the first to try it on phones.

"We thought it would work because smartphones are really small PCs," he said. "but we were quite excited that the trick with the freezer worked so well."

The German research group is now working on defences against the attack that ensures encryption keys are never put in vulnerable memory chips. Instead they are only used in the memory directly attached to a phone's processor.

Source: bbc.co.uk

Share this story

Related Stories

Miscellanea around the web

SEA MONSTER MYSTERY: Beast washes up on British beach leaving experts BAFFLED

Life on Mars: 'Fossilised skull' found on Red Planet evidence of ancient alien UFOs?

Cat named Pawfficer Donut to serve with police

End of the world: Christians believe THESE are the signs of the apocalypse

'Hello kitties' turns to 'beware bobcats' in Texas

Dr Dre loses name battle with gynaecologist Dr Drai

Donald Trump's hotel in Scotland bans Irn-Bru

Zoo in trouble after taking bear out for ice cream

Sharks really like jazz music, scientists say

Life after death? Woman ‘meets angel’ in shock glimpse of the afterlife

Image Slider