frost-130307-2

Security researchers in Germany have discovered that physically freezing an Android smartphone can grant access to encrypted data.

Google’s encryption method, which has been a part of Android since the “Ice Cream Sandwich” release, was bypassed by exposing a smartphone to freezing temperatures for an hour, according to the BBC. After that time period, researchers were able to access previously encrypted contacts, browsing histories, and photos.

The test was conducted by researchers from Friedrich-Alexander University in Germany with Samsung Galaxy Nexus handsets, and the phones were cooled to 10 degrees below zero Celsius. Then the battery was quickly disconnected and reconnected, placing the handset into a vulnerable mode.

“This loophole let them start it up with some custom-built software rather than its onboard Android operating system,” the report said. “The researchers dubbed their custom code Frost — Forensic Recovery of Scrambled Telephones.”

The strange and involved process of bypassing Android encryption is not likely a concern to end users of Android devices, but could be an issue for corporations and governments that carry highly sensitive information on mobile devices. The researchers said that while they tested their methods with the Galaxy Nexus, other Android phones are also likely to be vulnerable.

Freezing the phone reportedly aids in the hacking of Android because the low temperatures cause data to fade from internal chips more slowly. Researchers used this phenomenon to obtain encryption keys and unscramble the phone’s encrypted data.

The complexity of circumstances, hardware and cost required mean nothing, of course, to corporate hackers and government snoops. One way or another, you and I are picking up the tab.



  1. fishguy says:

    Cool.

  2. Lobotomized says:

    Gives new insight into Ice Cream Sandwich.

  3. dusanmal says:

    Not a news. General theory existed for quite a while and actual applications on any computer system were practical for few years (and at that point it was a news). Same can be done with anything “computing and encrypted”, iPhone, tablets, laptops, PCs, Macs, … any thing. So, they applied it to Android…

  4. msbpodcast says:

    Huhm .. If the file is encrypted, it should not be readable like it was clear text. It will still be a scrambled mess of binary digits.

    They have to be reading a clear text copy in a buffer.

    If the buffer was cleared prior to dunking in liquid nitrogen, or even mere Siberian/Canadian/Alaskan winter temperatures, they will have no access to the data.

    What ever app they were using was not designed to keep its data secure and to clear its buffers. The most that a properly designed app would reveal is the one image/text fragment in the buffer at the time the phone was frozen.

    • orchidcup says:

      From the article:

      Freezing the phone reportedly aids in the hacking of Android because the low temperatures cause data to fade from internal chips more slowly. Researchers used this phenomenon to obtain encryption keys and unscramble the phone’s encrypted data.

      • So what says:

        Don’t bother pod with reading the article, mere speculation is much more fun.

        • Gwad his own self says:

          Pod is speaking as a competent and knowledgeable programmer. As am I. He is right and you are, uh. Not right.

      • msbpodcast says:

        My comment about properly designed apps still apply.

        Only the currently the image being currently viewed should be available.

        Using the same decryption key for the phone as for the text/images is clearly an idiot’s mistake. It would not be allowed to happen.

        Leaving the decryption key in the clear for longer that the decryption process without clearing (Os and then 1s) the buffer (and wiping out the key) is a mistake only an amateur would make.

        This crack was clearly not of an app designed by the NSA.

        There is not the possibility of a serious breach.

        P.S. They also design their apps to wipe (entirely wipe with zeroes and then ones,) all of the buffers as soon as they are through using them, and that applies to multi-step decrypt key retrieval cascade. (Its a bit of a pain for agents in the field but that the price they pay for being able to pay to with all this neat hardware.)

        The window of opportunity for intercepting the key is precisely one decrypt cycle in length.

        That’s not an awful lot of time and you can only retrieve one decrypted item.

        The rest are all secured.

  5. So what says:

    This news sends a chill up my spine.

  6. Lou says:

    Buy a Blackberry.

  7. Universal says:

    you miss understand what this is doing. this is whole disk encryption. what this program dose is search in ram for the key used to decrypt the disk. it exploits the nature that DRAM holds what ever data it had once you power off the device for about 20 seconds, you extend the detiration of dram by cooling it down reducing decay.

    cooling
    increases the threshold voltages of MOSFETs and the forward voltage drop of diodes.it decreases the leakage component of MOSFETs and diodesIt improves the on-state performance of the MOSFETs.

    this attack is much of fail as most android device are bootloader locked and are signed to which this attack requires you to boot its custom os with a usb boot.

    cold boot attacks are yesterdays news

    • CrankyGeeksFan says:

      Also according to the author’s site, unlocking the bootloader wipes the user partition.

  8. deowll says:

    This would require obtaining the phone while it is still on, freezing it, pulling out the battery and putting it back in and somehow injecting some new code from outside which might require taking the phone apart…There has to be some serious money available and some real geeks to do it to even think about trying something like this.

  9. bent at the waste says:

    So I think the real question here is, “Is my trucrypted thumb drive stuffed to the gills full of pron crack-able or not?”

    • deowll says:

      No more crackable than before. The only question being is your pass word being maintained in ram because somebody allowed your phone to draw power to do that even after the memory should have been purged either in software or by cutting the power. There are some advantages to old fashioned mechanical switches. If you pop the battery on that Samsung and count to ten slowly then put it back in the password should be long gone. Just having an encrypted file on the phone that you haven’t opened on the phone is going to tell them jack. People who can’t be sure they killed the power by disconnecting the battery may have to purchase software that would purge their ram. It should not be all that hard to write. Obtaining same might attract government interest.

  10. deowll says:

    I’d like to thank CrankyGeeksFan for the data. There would seem to be several ways to get around this with the simplest being some way to assure that the phone had a real power off switch that prevented ram from drawing any power from the battery or a program that flushed ram as part of turning the phone off. The encrypted data in your “drive” is still going to be encrypted.

    • CrankyGeeksFan says:

      You’re welcome.

      I guess the “Recovery Mode” option in Android’s Fastboot is what keeps the Frost image from overwriting the target data (the data in the phone’s memory space that’s below freezing) when the Frost image is booted into RAM.

  11. 0100011111101101000111111011000001010010111100111000001001100111010111001101100110110000010111101101100110000010110 01110001011100101100101111000010 says:

    10100010111011110001101001111001111000011100101111001011111101101110110000010100101111001110000010111101101101111010011010011100000100100111100001100101111010011001001100000101000010

    10011011111011101011100000101000011010011110100110000010100001101110110000010100101100100111001011111101100101111000010

  12. Gwad his own self says:

    Pay no attention to the fact that the NEW (real) threats are at the chip level. Good luck finding those vulnerabilities, much less preventing them.

    People who are serious about computer security are now working under the assumption that encryption is obsolete.

    Enjoy smokin’ on the devil’s johnson.

  13. Glenn E. says:

    All this expensive government research was many done so that Hollywood can now use it a few times in movies and Tv shows, as a quick hi-tech spy bit. I guarantee some future production will have the Federal agents bursting thru the door, grabbing some guy’s cell phone, and dropping it into a canister of liquid nitrogen. Or something along those lines. It may not make any sense. But it doesn’t matter, it’s “movie magic”. It’s something unique, that the viewers haven’t seen before. Whether it really works or not, doesn’t make any difference. They heard about it, in the news. And then a few thriller productions use it. And so they’re entertained.

    Tax dollars well wasted.

    • CrankyGeeksFan says:

      The research was done in Germany, and I don’t think any U.S. research money was used.

      Previously, the freezing technique has worked on laptop computers and other electronic devices. I think this research is more along the lines of proof-of-concept.


1

Bad Behavior has blocked 9416 access attempts in the last 7 days.