Android phones susceptible to freezing cold boot attacks
(Credit: Friedrich-Alexander University)
The next time you’re looking for your misplaced Android smartphone, check the freezer. It’s possible, however unlikely, that someone is trying to hack into your data using a new FROST attack method.
Researchers at Friedrich-Alexander University in Germany have learned that it is possible to access personal information on Android 4.0 smartphones using a chilling technique.
Called FROST, or forensic recovery of scrambled telephones, it amounts to placing the phone in temperatures of -15 Celsius for roughly 1 hour. After removing from a freezer, you must repeatedly power on and off the phone and hold down the volume up and down. In the case of the Samsung Galaxy Nexus, the university simply disconnected and reconnected the battery in very short (less than 500ms) bursts.
The team was able to successfully break into the phones and access contact lists, visited web sites, and photos using cold boot attacks. Even handsets that are encrypted are found to be vulnerable to the method; however, the bootloader must be first unlocked. Ironically, it was Android 4.0 Ice Cream Sandwich that introduced disk … [Read more]
Read more The Download Blog – CNET