X

Sign in

Sign in to confirm

Have you forgotten your password?

... or login with Facebook:

Don't have an AndroidPIT account yet? Sign up

Frozen Android Phone Vulnerable To Hacks

Edwin Kee
2

frost

Playing psychological games with a hostage to retrieve crucial and mission critical information from them is something that humanity has done for a long, long time, but who would have thought that smartphones, too, are not exempt from a certain kind of "torture"? I am not referring to threatening to smash your Android handset with a hammer lest it gives up its unlock code, but rather, a team at Erlangen's Friedrich-Alexander University (FAU) managed to discover a method of accessing an encrypted Android device's contact lists, browsing histories and photos simply by sending it to the freezer, and using the FROST (Forensic Recovery Of Scrambled Telephones) method afterwards.

In a nutshell, chilling an Android-powered phone would make its contents vulnerable to copying, but first, your Android 4.0 Ice Cream Sandwich device will need to have its temperature dropped to -10 degrees Celsius or lower, before a workaround of Ice Cream Sandwich’s encryption system can be scrambled in order to access the data within.

What used to be a nightmare for law enforcement and forensics workers with the encryption system that Ice Cream Sandwich employed seems to have been banished, thanks to the work done by the team at Erlangen's Friedrich-Alexander University (FAU), which comprises of researchers Tilo Muller, Michael Spreitzenbarth and Felix Freiling.

Once the well chilled Android smartphone has reached the desired temperature, connecting and disconnecting the battery of the frozen device quickly would force the handset into a vulnerable mode. This particular loophole would then open a window of opportunity to boot it up using custom-built software, bypassing the pre-installed Android operating system along the way. This custom code has been dubbed FROST as mentioned above.

FROST will allow the researchers to copy sensitive data on the handset which can then be analysed on a separate compute later on. Not only that, a chilled device would also experience slower data fades from memory, which enables hackers or digital forensic teams to obtain encryption keys while speeding up the unscrambling process when it comes to a phone’s content.

While the Samsung Galaxy Nexus was chilled and had this method used on it successfully, who are we to say that other Android 4.0 Ice Cream Sandwich powered handsets will not suffer the same fate as well when sent to the chiller?

Comments

Write new comment:

Author
7

What will Android 5.0 be named?