In association with heise online

15 February 2013, 16:34

Frosty attack on Android encryption

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Galaxy Nexus in a freezer
Zoom Clad in just a flimsy freezer bag, the Android phone (in this case a Samsung Galaxy Nexus) has to withstand a whole hour in the freezer at minus 15 degrees
Source: Tilo Müller and Michael Spreitzenbarth

Two researchers at the University of Erlangen in Germany have demonstrated a way of accessing an encrypted Android smartphone using a freezer. To access the cryptographic key stored in the phone's memory, they placed the phone in the freezer compartment for an hour, with the result that the memory content remained – almost literally – frozen. They used a special tool to read the cryptographic key from the phone's memory (cold boot attack).

By cooling the device to below 10 degrees, the volatile memory can be made to retain data for a short period of time without power. Tilo Müller and Michael Spreitzenbarth exploit this to disconnect the battery for a moment, resulting in a reboot. The Frost recovery image
Zoom The researchers use a special recovery image to read the secret cryptographic key and other information from the frozen RAM
Source: Tilo Müller and Michael Spreitzenbarth
They then use a key combination to invoke the bootloader, allowing them to flash and run their own recovery image, dubbed "Frost". For this to work, however, the bootloader needs to be already unlocked, as any unlocking would wipe user data. Frost then searches the memory for, among other things, the cryptographic key for decrypting user data stored in the (non-volatile) storage.

Since version 4.0, Android has offered the ability to encrypt personal data (if the user activates the appropriate checkbox in the settings).
Zoom When disconnected from the power supply at room temperature, data stored in RAM rapidly disappears. The Android logo after 0, 0.5, 1, 2, 4, and 6 seconds without power
Source: Tilo Müller and Michael Spreitzenbarth
In addition to the cryptographic key, Frost was also able to extract many other items of personal data from the frozen smartphone's memory, including plain text Wi-Fi access data, WhatsApp chat history, the address book, and photos taken on the phone.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit