Skip to main content

Frosty attack on Android encryption

posted onFebruary 15, 2013
by l33tdawg

If you lose possession of an Android phone, your PIN or pattern unlock might not be enough to protect the sensitive data stored on it. Not, at least, after it’s spent an hour in a hacker’s freezer.

A pair of researchers at Erlangen University in Germany have shown that a trick known as a “cold boot attack” can read data from a Samsung Galaxy Nexus running the latest version of Android, even when the phone is protected by a PIN and has its storage disk encrypted. They call their technique FROST, or Forensic Recovery of Scrambled Telephones. By simply cooling the phone to around five degrees Fahrenheit and quickly rebooting it, Tilo Mueller and Michael Spreitzenbarth found they could read data from its memory including images, emails and web browsing history, as well as the key that in some cases allows them to decrypt the phone’s encrypted storage disk.

Source

Tags

Android Encryption

You May Also Like

Recent News

Thursday, January 18th

Monday, January 15th

Friday, January 12th

Thursday, January 11th

Wednesday, January 10th