Freezing hell, Androids are under attack

11 Mar 2013

Thinking of sending a text? Hold the phone, literally. Oh wait, it's 28 degrees outside, you should be safe.

In what has to be one of the most bizarre research papers ever published, German scientists say freezing an Android phone can reveal its data secrets.

After freezing phones for an hour, researchers say the method is the most effective way of exploiting the encryption system which protects phone data.

With the cold attacks scrambling the system, researchers gained access to contact lists, browsing histories, photographs and no doubt a severe case of frostbite.

So, as you are all wondering, how on earth did this form of research even come about?

Google released a data scrambling system for Android called Ice Cream Sandwich, which proved effective for end-users, but problematic for law enforcement and forensics workers.

Not to be defeated however, researchers Tilo Muller, Michael Spreitzenbarth and Felix Freiling simply whacked a few smartphones into a freezer until they dropped below -10C.

"We present FROST (Forensic Recovery of Scrambled Telephones), a tool set that supports the forensic recovery of scrambled telephones," the scientists said in their blogpost. "To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM.

"We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung."

Essentially chilling a phone to make its contents vulnerable, the breakthrough could actually impact the daily life of Russians, Scandinavians, Alaskans and basically anybody living in Dunedin from June onwards.

"To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking," the researchers said.

"However, we show that cold boot attacks are more generic and allow to retrieve sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked."

Branding smartphones as small PCs, the scientists were the first to try the method on phone products, and are currently working on defences against the attack to ensure encryption keys are never placed in vulnerable memory chips.

For all you skiers or snowboarders out there looking forward to a winter on the slopes, remember to leave your smartphone in the locker, or better still, the microwave.
