HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
Frosty attack on Android encryption
If you lose possession of an Android phone, your PIN or pattern unlock might not be enough to protect the sensitive data stored on it. Not, at least, after it’s spent an hour in a hacker’s freezer.
A pair of researchers at Erlangen University in Germany have shown that a trick known as a “cold boot attack” can read data from a Samsung Galaxy Nexus running the latest version of Android, even when the phone is protected by a PIN and has its storage disk encrypted. They call their technique FROST, or Forensic Recovery of Scrambled Telephones. By simply cooling the phone to around five degrees Fahrenheit and quickly rebooting it, Tilo Mueller and Michael Spreitzenbarth found they could read data from its memory including images, emails and web browsing history, as well as the key that in some cases allows them to decrypt the phone’s encrypted storage disk.