Freezing hell, Androids are under attack

11 Mar 13

Thinking of sending a text? Hold the phone, literally. Oh wait, it's 28 degrees outside, you should be safe.

In what has to be one of the most bizarre research papers ever published, German scientists say freezing an Android phone can reveal its data secrets.

After freezing phones for an hour, researchers say the method is the most effective way of exploiting the encryption system which protects phone data.

With the cold attacks scrambling the system, researchers gained access to contact lists, browsing histories, photographs and no doubt a severe case of frostbite.

So, as you are all wondering, how on earth did this form of research even come about?

Google released a data scrambling system for Android called Ice Cream Sandwich, which proved effective for end-users, but problematic for law enforcement and forensics workers.

Not to be defeated however, researchers Tilo Muller, Michael Spreitzenbarth and Felix Freiling simply whacked a few smartphones into a freezer until they dropped below -10C.

"We present FROST (Forensic Recovery of Scrambled Telephones), a tool set that supports the forensic recovery of scrambled telephones," the scientists said in their blogpost. "To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM.

"We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung."

Essentially chilling a phone to make its contents vulnerable, the breakthrough could actually impact the daily life of Russians, Scandinavians, Alaskans and basically anybody living in Dunedin from June onwards.

"To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking," the researchers said.

"However, we show that cold boot attacks are more generic and allow to retrieve sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked.

Branding smartphones small PCs, the scientists were the first to try the method on phone products, and are currently working on defences against the attack to ensure encryption keys are never place in vulnerable memory chips.

For all you skiers or snowboarders out there looking forward to a winter on the slopes, remember to leave your smartphone in the locker, or better still, the microwave.

Share on: LinkedIn Twitter Facebook