Frosty attack on Android encryption
Contributed by: Email on 02/15/2013 11:32 AM
[
Comments
]
Two researchers at the University of Erlangen in Germany have demonstrated a way of accessing an encrypted Android smartphone using a freezer. To access the cryptographic key stored in the phone's memory, they placed the phone in the freezer compartment for an hour, with the result that the memory content remained almost literally frozen. They used a special tool to read the cryptographic key from the phone's memory (cold boot attack).
By cooling the device to below 10 degrees, the volatile memory can be made to retain data for a short period of time without power. Tilo Müller and Michael Spreitzenbarth exploit this to disconnect the battery for a moment, resulting in a reboot.
The researchers use a special recovery image to read the secret cryptographic key and other information from the frozen RAM
Source: Tilo Müller and Michael Spreitzenbarth They then use a key combination to invoke the bootloader, allowing them to flash and run their own recovery image, dubbed "Frost". For this to work, however, the bootloader needs to be already unlocked, as any unlocking would wipe user data. Frost then searches the memory for, among other things, the cryptographic key for decrypting user data stored in the (non-volatile) storage.
Since version 4.0, Android has offered the ability to encrypt personal data (if the user activates the appropriate checkbox in the settings).
When disconnected from the power supply at room temperature, data stored in RAM rapidly disappears. In addition to the cryptographic key, Frost was also able to extract many other items of personal data from the frozen smartphone's memory, including plain text Wi-Fi access data, WhatsApp chat history, the address book, and photos taken on the phone.
By cooling the device to below 10 degrees, the volatile memory can be made to retain data for a short period of time without power. Tilo Müller and Michael Spreitzenbarth exploit this to disconnect the battery for a moment, resulting in a reboot.
The researchers use a special recovery image to read the secret cryptographic key and other information from the frozen RAM
Source: Tilo Müller and Michael Spreitzenbarth They then use a key combination to invoke the bootloader, allowing them to flash and run their own recovery image, dubbed "Frost". For this to work, however, the bootloader needs to be already unlocked, as any unlocking would wipe user data. Frost then searches the memory for, among other things, the cryptographic key for decrypting user data stored in the (non-volatile) storage.
Since version 4.0, Android has offered the ability to encrypt personal data (if the user activates the appropriate checkbox in the settings).
When disconnected from the power supply at room temperature, data stored in RAM rapidly disappears. In addition to the cryptographic key, Frost was also able to extract many other items of personal data from the frozen smartphone's memory, including plain text Wi-Fi access data, WhatsApp chat history, the address book, and photos taken on the phone.
Comments
