This is alarming, if true: according to a group of German security researchers at the University of Erlangen, if you put a locked, encrypted Android phone in the freezer for an hour and then quickly reboot it and plug it into a laptop, the memory will retain enough charge to stay decrypted, and can boot up into a custom OS that can recover the keys and boot the phone up with all the files available in the clear. The attack is called FROST: "Forensic Recovery Of Scrambled Telephones," and it requires a phone with an unlocked bootloader to work.
At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut any chance other than bruteforce is lost to recover data.
We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung. To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking. However, we show that cold boot attacks are more generic and allow to retrieve sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked.
FROST: Forensic Recovery Of Scrambled Telephones
Today, The Intercept published leaked documents that contain the FBI’s secret rules for targeting journalists and sources with National Security Letters (NSLs)—the controversial and unconstitutional warrantless tool the FBI uses to conduct surveillance without any court supervision whatsoever.
“The Dark Overlord” is a hacker who’s made headline by advertising the availability of millions of health records on darknet sites, sending samples to news-outlets to validate their authenticity; in an interview with Motherboard’s Joseph Cox, Dark Overlord reveals that the disclosures are timed to put the pressure on other victims to pay ransoms to […]
Facebook recently told Fusion reporter Kashmir Hill that Facebook uses location data to recommend friends. People freaked out. Facebook retracted the statement. Then, the social media giant said what, that’s crazy, LOL, no. No, we didn’t do that at all. Now, Facebook’s communications team tells Hill the confusion arose “because there was a brief time […]
If you’ve got a coding career on your mind, few programming disciplines will take you farther than a commanding knowledge of the Python language. Its versatility and ease of use make it a go-to for any coding project…so master Python now with this all-inclusive All-Level Python Programming course bundle, now only $19 in the Boing Boing Store.Whether […]
The realm of web development is constantly evolving. New platforms, languages, and processes materialize all the time, so staying on top of all that innovation is a tall order.Whether you’re brushing up on new tricks, starting from scratch, or just looking to make your own website a little jazzier, Rob Percival’s new Complete Web Developer Course 2.0 (now […]
Folks used to rely on alarms to protect their home – and before that, the family dog. Now, anyone looking to guard their homes can choose from some high-tech options, including the Amaryllo iCamPRO FHD Home Security Camera (now just $219 in the Boing Boing Store).In fact, this 2015 CES “Best of Innovation” award-winner boasts so many features, it’s […]