Freezing Android phones could break encryption

 

Gallery

By Dave Stevenson

Posted on 18 Feb 2013 at 14:20

Encrypted Android handsets could have their security measures breached by a method that involves removing the battery in a low-temperature environment, researchers at Erlangen University have shown.

The attack depends on an encrypted handset having its battery suddenly pulled, leaving the contents of the RAM in a potentially recoverable state - unlike a standard shutdown procedure, in which the phone purges its RAM before turning off.

Data such as encryption keys stored in the phone's memory could theoretically be recovered if the phone was immediately restarted and its RAM was analysed quickly enough.

The attack works best at low temperatures, as this increases the internal resistance of the memory cells, causing the contents of the RAM to persist unpowered for longer than they would in warmer environments.

Security firm Sophos noted in a blog post that in order to succeed, the attack needs "three planets to align". In addition to a low-temperature environment and a removable battery, the phone must have an unlocked bootloader, as otherwise the memory will automatically be wiped when the phone is powered back on. The researchers used a custom distribution called Forensic Recovery of Scrambled Telephones, or FROST for short.

The formal paper also notes a potential problem with the process of freezing a phone to attempt to hack it: removing a phone from a very cold place to a warmer, more humid environment creates condensation, which could prove fatal to the phone once the battery is reconnected.