ID: IRCNE2013031781
Date: 2013-03-10
According to "techworld", researchers at Friedrich-Alexander University in Germany have discovered a somewhat unusual method for cracking the security on encrypted Android phones -- sticking them in the freezer.
According to the team, the technique works (at least in part) even on devices that are fully encrypted and have locked boot loaders. Their toolkit for the exploit is dubbed FROST, for Forensic Recovery Of Scrambled Telephones.
Disk encryption was introduced to Android, ironically, in Version 4.0, or Ice Cream Sandwich. The researchers used a Samsung Galaxy Nexus to demonstrate FROST in a step-by-step tutorial posted to their website.
The idea behind the trick is that information stored in RAM remains present for much longer if the temperature is particularly cold -- which means that it can be possible to access decryption keys stored in the phone's memory if it's done quickly enough.
By chilling a well-charged phone to about minus 10 degrees Celsius, then turning it off and on again as fast as possible (the team recommended simply popping the battery in and out quickly) and booting it into recovery mode, data like photos, Web history and phone contact lists can be plucked from the device using custom software developed by the German researchers.
- 2