Freezing Android phones could break encryption
By Dave Stevenson
Posted on 18 Feb 2013 at 14:20
Encrypted Android handsets could have their security measures breached by a method that involves removing the battery in a low-temperature environment, researchers at Erlangen University have shown.
The attack depends on an encrypted handset having its battery suddenly pulled, leaving the contents of the RAM in a potentially recoverable state - unlike a standard shutdown procedure, in which the phone purges its RAM before turning off.
Data such as encryption keys stored in the phone's memory could theoretically be recovered if the phone was immediately restarted and its RAM was analysed quickly enough.
The attack works best at low temperatures, as this increases the internal resistance of the memory cells, causing the contents of the RAM to persist unpowered for longer than they would in warmer environments.
Security firm Sophos noted in a blog post that in order to succeed, the attack needs "three planets to align". In addition to a low-temperature environment and a removable battery, the phone must have an unlocked bootloader, as otherwise the memory will automatically be wiped when the phone is powered back on. The researchers used a custom distribution called Forensic Recovery of Scrambled Telephones, or FROST for short.
The formal paper also notes a potential problem with the process of freezing a phone to attempt to hack it: removing a phone from a very cold place to a warmer, more humid environment creates condensation, which could prove fatal to the phone once the battery is reconnected.
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software