« previous next »
Pages: [1]

Author Topic: Researchers bypass Android encryption by freezing cellphones  (Read 1813 times)

TechMan

  • Administrator
  • Senior Member
  • *****
  • Posts: 10,562
  • Yes, your moderation has been outsourced.
Researchers bypass Android encryption by freezing cellphones
« on: March 11, 2013, 09:17:19 AM »
http://www.bbc.co.uk/news/technology-21697704

German security researchers have found that if you freeze an Android phone (-10C) for an hour, they could bypass the encryption system.  The encryption system was introduced with the Android version code named Ice Cream Sandwich.

Quote
The trio discovered that quickly connecting and disconnecting the battery of a frozen phone forced the handset into a vulnerable mode. This loophole let them start it up with some custom-built software rather than its onboard Android operating system. The researchers dubbed their custom code Frost - Forensic Recovery of Scrambled Telephones.

More at the linky.
Report to moderator   Logged
Quote
Hawkmoon - Never underestimate another person's capacity for stupidity. Any time you think someone can't possibly be that dumb ... they'll prove you wrong.

Bacon and Eggs - A day's work for a chicken; A lifetime commitment for a pig.
Stupidity will always be its own reward.
Bad decisions make good stories.

Quote
Viking - The problem with the modern world is that there aren't really any predators eating stupid people.

dogmush

  • friend
  • Senior Member
  • ***
  • Posts: 13,897
Re: Researchers bypass Android encryption by freezing cellphones
« Reply #1 on: March 11, 2013, 09:21:41 AM »
Nobody really still thinks smart phones are secure do they?
Report to moderator   Logged

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: Researchers bypass Android encryption by freezing cellphones
« Reply #2 on: March 11, 2013, 11:25:15 AM »
Quote from: dogmush on March 11, 2013, 09:21:41 AM
Nobody really still thinks smart phones are secure do they?

Blackberries are, if you use a BES.
Report to moderator   Logged
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

Brad Johnson

  • friend
  • Senior Member
  • ***
  • Posts: 18,083
  • Witty, charming, handsome, and completely insane.
Re: Researchers bypass Android encryption by freezing cellphones
« Reply #3 on: March 11, 2013, 11:26:58 AM »
ZOMG!! SOMEONE CAN HACK A PHONE!!

Really...  ;/

I guess I shouldn't be surprised.  There's still a whole section of the population that still believes "Macs don't get viruses".

Brad
Report to moderator   Logged
It's all about the pancakes, people.
"And he thought cops wouldn't chase... a STOLEN DONUT TRUCK???? That would be like Willie Nelson ignoring a pickup full of weed."
-HankB

AmbulanceDriver

  • Junior Rocketeer
  • friends
  • Senior Member
  • ***
  • Posts: 5,932
Re: Researchers bypass Android encryption by freezing cellphones
« Reply #4 on: March 11, 2013, 11:31:54 AM »
I actually looked at this article when it first came out in The Register....   And actually read the research paper they posted.   There are a couple of pretty important caveats...   If you have Android's version of whole "disk" encryption enabled, they can't actually read the full long term storage, so long as you don't have an unlocked bootloader (i.e., haven't rooted your phone).  Apparently, the process of installing a new bootloader erases the long term storage.  However, they can still do a RAM dump and obtain anything that was still living there in RAM memory.  

However, if you have an unlocked bootloader, then they can install their custom ROM on the phone without overwriting the storage.  And they can (usually) recover the encryption key from RAM and proceed to decrypt the entire storage area on the phone.  

The disturbing thing is that several of the phones they tested shipped from the factory with an unlocked bootloader....

Oops.
Report to moderator   Logged
Are you a cook, or a RIFLEMAN?  Find out at Appleseed!

http://www.appleseedinfo.org

"For some many people, attempting to process a logical line of thought brings up the blue screen of death." -Blakenzy

freakazoid

  • friend
  • Senior Member
  • ***
  • Posts: 6,243
Re: Researchers bypass Android encryption by freezing cellphones
« Reply #5 on: March 11, 2013, 01:09:38 PM »
Quote
The encryption system was introduced with the Android version code named Ice Cream Sandwich.

So Android named their encryption system Ice Cream Sandwich, and the way to bypass it is to freeze it?  :rofl:
Report to moderator   Logged
"so I ended up getting the above because I didn't want to make a whole production of sticking something between my knees and cranking. To me, the cranking on mine is pretty effortless, at least on the coarse setting. Maybe if someone has arthritis or something, it would be more difficult for them." - Ben

"I see a rager at least once a week." - brimic

erictank

  • friends
  • Senior Member
  • ***
  • Posts: 2,410
Re: Researchers bypass Android encryption by freezing cellphones
« Reply #6 on: March 11, 2013, 05:31:59 PM »
Quote from: freakazoid on March 11, 2013, 01:09:38 PM
So Android named their encryption system Ice Cream Sandwich, and the way to bypass it is to freeze it?  :rofl:

ICS is the name of that version of the OS.The current mass-market one, v.4.0 (some manufacturers have 4.1-4.2 now, but most are likely still running 4.0 - upgrades can take a while). All their OS builds have had names for sweets - Ice Cream Sandwich, Jelly Bean, Froyo (frozen yogurt), Eclair, Cupcake...

I'm hungry now.
Report to moderator   Logged
Pages: [1]
« previous next »