Friday, February 15, 2013

Frosty attack on Android encryption

Galaxy Nexus in a freezer
Clad in just a flimsy freezer bag, the Android phone (in this case a Samsung Galaxy Nexus) has to withstand a whole hour in the freezer at minus 15 degrees Zoom
Source: Tilo M?ller and Michael Spreitzenbarth

Two researchers at the University of Erlangen in Germany have demonstrated a way of accessing an encrypted Android smartphone using a freezer. To access the cryptographic key stored in the phone's memory, they placed the phone in the freezer compartment for an hour, with the result that the memory content remained ? almost literally ? frozen. They used a special tool to read the cryptographic key from the phone's memory (cold boot attack).

By cooling the device to below 10 degrees, the volatile memory can be made to retain data for a short period of time without power. Tilo M?ller and Michael Spreitzenbarth exploit this to disconnect the battery for a moment, resulting in a reboot. The Frost recovery image
The researchers use a special recovery image to read the secret cryptographic key and other information from the frozen RAM Zoom
Source: Tilo M?ller and Michael Spreitzenbarth
They then use a key combination to invoke the bootloader, allowing them to flash and run their own recovery image, dubbed "Frost". For this to work, however, the bootloader needs to be already unlocked, as any unlocking would wipe user data. Frost then searches the memory for, among other things, the cryptographic key for decrypting user data stored in the (non-volatile) storage.

Since version 4.0, Android has offered the ability to encrypt personal data (if the user activates the appropriate checkbox in the settings).
When disconnected from the power supply at room temperature, data stored in RAM rapidly disappears. The Android logo after 0, 0.5, 1, 2, 4, and 6 seconds without power Zoom
Source: Tilo M?ller and Michael Spreitzenbarth
In addition to the cryptographic key, Frost was also able to extract many other items of personal data from the frozen smartphone's memory, including plain text Wi-Fi access data, WhatsApp chat history, the address book, and photos taken on the phone.

(fab)

Source: http://lxer.com/module/newswire/ext_link.php?rid=180916

bolton muamba sxsw crystal cathedral st. patrick s day brandon lloyd brandon lloyd celtic thunder

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.