
Access files on locked, encrypted Android phones by putting them in a freezer for an hour

Cory Doctorow at 9:42 am Wed, Mar 6, 2013


This is alarming, if true: according to a group of German security researchers at the University of Erlangen, if you put a locked, encrypted Android phone in the freezer for an hour, then quickly reboot it and plug it into a laptop, the RAM will retain its contents long enough that a custom OS can be booted, the disk-encryption keys recovered from memory, and the phone brought up with all of its files available in the clear. The attack is called FROST ("Forensic Recovery Of Scrambled Telephones"), and it requires a phone with an unlocked bootloader to work.

At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut, any chance other than brute force is lost to recover data.

We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show for the first time that cold boot attacks against Android phones are generally possible, and we perform our attacks practically against Galaxy Nexus devices from Samsung. To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking. However, we show that cold boot attacks are more generic and allow retrieving sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked.

FROST: Forensic Recovery Of Scrambled Telephones
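The attack works because the key material the kernel needs for disk encryption sits in RAM and survives a quick reboot. One mitigation the thread below circles around is to drop that key before an attacker can freeze the device. The following C routine is an added defensive illustration, not code from this post or from the FROST project: a key slot that is zeroized on screen lock with volatile stores (so the compiler cannot elide the wipe as a dead store, which it may do for a plain memset on memory that is never read again), plus a residue counter that reports how many key bytes a memory image of the slot would still expose. The key bytes and the slot layout are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32  /* 256-bit key, the size used by AES-256 disk encryption */

/* Secure wipe: stores through a volatile pointer are not removed by the
 * optimizer, unlike a plain memset() on a buffer that is never read again. */
static void secure_wipe(void *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Constructed layout of a key slot as a lock-screen handler might hold it. */
typedef struct {
    uint8_t key[KEY_LEN];
    int loaded;
} key_slot;

/* Fill the slot with constructed placeholder bytes (not a real key). */
void key_slot_load(key_slot *s) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        s->key[i] = (uint8_t)(0xA5 ^ i);   /* always non-zero */
    }
    s->loaded = 1;
}

/* Count bytes still holding key material: a cold-boot image of this slot
 * would expose exactly these bytes. */
size_t key_slot_residue(const key_slot *s) {
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        if (s->key[i] != 0) {
            n++;
        }
    }
    return n;
}

/* Screen-lock handler: drop the key before the device can be chilled. */
void key_slot_lock(key_slot *s) {
    secure_wipe(s->key, sizeof s->key);
    s->loaded = 0;
}

/* Walks the lifecycle and returns the residue after lock (expected: 0).
 * Returns (size_t)-1 if the key was not fully present before the lock,
 * so the check cannot pass by accident. */
size_t demo_lock_wipes_key(void) {
    key_slot s;
    key_slot_load(&s);
    size_t before = key_slot_residue(&s);   /* 32: the key is in RAM */
    key_slot_lock(&s);
    size_t after = key_slot_residue(&s);    /* 0: nothing left to recover */
    return (before == KEY_LEN) ? after : (size_t)-1;
}

int main(void) {
    return demo_lock_wipes_key() == 0 ? 0 : 1;
}
```

The caveat is that a mounted encrypted volume needs its key in kernel memory to keep serving I/O, so wiping on lock only works for data that can be unmounted while the screen is locked; for everything else, the remaining defences are a locked bootloader (so no custom image can be booted) and keeping the device powered off when it is out of your hands.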


MORE:  android • crypto • mobile • security • telephony


  • voiceinthedistance

    Chilling.

    • TheKaz1969

      I see what you did there…

      • http://disqus.com/Kimmoth/ Kimmo

        Coolest.

        Hack.

        Ever.

  • Peter Chylewski

    April 1st is yet to come.

  • Prezombie

    Don’t most CPUs have a thermometer gauge to prevent overheating? a simple workaround would be to have the RAM overwrite keys and vital data sets if the CPU gets too cold.

    Edit: Now that I think about it, that’s a weak stopgap solution at best, an attacker could just focus the cold with a can of compressed air on just the RAM.

    The real solution would be to give the end user the ability to re-lock the bootloader in the new state.

    • metacalifragilistic

      aka Android 4.3, Ice Cream Headache

    • http://twitter.com/DooMMasteR DooMMasteR

      you actually can do exactly that :)
      unlock (wipes the phone)
      flash some custom rom
      and then lock again… also make sure you have a recovery installed that checks for signatures in update packages…
      and self-sign all updates with your self-deployed key
      at least on the GN that is no real problem

      • jimmoffet

        Don’t forget using a task killer to empty your discretionary ram on screen off. Otherwise, anything stored in ram (recent websites, etc…) are still accessible.

  • http://blog.doomsdayzen.com agonist

    This reminds me of how much more interesting real hacking is to the lame stuff we see in movies like Skyfall.

  • Larry Rubinow

    Only works if it’s running Ice Cream Sandwich.

  • http://ryankiefer.me/ Ryan Kiefer

    This attack only appears to easily work against phones with a user-removable battery, as there isn’t any other easy way to quickly reset an Android phone if you can’t pop the battery out. So devices like the Nexus 4 are slightly more guarded. (Though a determined attacker could still partially disassemble the device, rendering this moot.)

  • http://ryansingel.net Ryan Singel

    This is the first good argument I’ve ever seen for manufacturers locking down the bootloader.

    • oasisob1

      Or for sticking with your old Nokia dumbphone.

      • technogeekagain

        Or getting a wifi palmtop, and getting a phone, and not trying to shove ten pounds into a five-pound bag.

  • eain

    @Ryan- True.  Which is frustrating for a number of OTHER security reasons.  Is it possible to unlock a bootloader, load a new ROM, and then RE-lock the bootloader?

  • technogeekagain

    Given that “cold boot” has another meaning already, color me a bit skeptical about this scenario. OK, yes, maybe one can muck up the clocks enough by freezing the heck out of the thing to enlarge a timing window enough to exploit it, but I’d be more than slightly surprised.

  • http://jhhl.net jhhl

    ICE. William Gibson, NEUROMANCER

    • http://glitch.tl/ Michael Smith

      No good against my kuang mark grade 11 icebreaker virus.

  • http://www.openbuddha.com/ Al Billings

    Of course this works in principle. This was demonstrated with laptops a couple of years ago and even covered here.

    http://boingboing.net/2008/07/19/cold-boot-encryption.html

  • ldobe

    scrambled telephones are a nightmare for IT forensics and law enforcement

    Cry me a river.  They can track our phones just fine without decrypting them anyway.  That’s bad enough already.  I guess I’ll have to think about ways of making my phone self destruct now.

  • unaboomer

    Desktop platforms have been known susceptible to this type of attack for years:  https://citp.princeton.edu/research/memory/
    If someone has that much access to your phone/system you’re gonna be in trouble anyway.
    This is why you should always let Ramsay keep some of the circuit templates so Luther can’t get them even if he catches you.

    • http://twitter.com/racerabbit Fred Swetland, IV

      You…you just made a ‘Runaway’ reference. You are awesome.

      • planettom

        http://i22.photobucket.com/albums/b344/planettom/lj2011/im-in-ur-elevators-hurting-ur-magnum-pis.jpg

  • Alexander Borsi

    And new feature in KLP: RAM heater. A 15w strip of nichrome wire kept running at all times.
    Battery life MIGHT be affected.

  • kingluma

    it’s even easier than that on the Samsung Galaxy S 3:
    http://www.zdnet.com/bug-allows-complete-lock-screen-bypass-on-samsung-galaxy-s-iii-7000012173/

  • SomeDude

    On the downside, scrambled telephones are a nightmare for IT forensics and law enforcement

    Um, law enforcement can lick my balls, thank you very much.

  • timquinn

    I wonder who funded this research?

  • http://twitter.com/WpgCameraMan Rock Hardwood

    There HAS to be a test-jig you can get that powers up a board at just the right spots, so you can control things better.  Pull the battery,  ship it off to Langley or local digital forensics lab, fit it to jig, do the magic, email dump to client.

    Seems a more reliable method than guesstimating thermal properties and allowing the device to manage its own boot.

    • BillGlover

      I think in this case they are relying on the key being retained in memory from the last decryption. (The phone is on, but locked when they start). If they pull the battery for long enough for the memory to lose its contents, they lose the key.

    • jimmoffet

      Default disk encryption is to protect you from meddling by not particularly talented law-enforcement. 

      If the guys who want your stuff have access to a digital forensics lab run by the CIA, you will probably want to use something a little stronger.

  • eldueno

    It’s about time someone was able to do this.

  • niktemadur

    Jeez, if these people would put half as much focus, ingenuity and effort into achieving World Peace as they do into these challenges, we’d be halfway there by now.

    • Gulliver

      Right, because getting seven billion violent apes to live in harmony and cracking a cellphone’s encryption are clearly problems in the same league. And the erosion of civil rights has nothing to do with human rights abuses antithetical to World Peace (TM). I guess all those Middle-Eastern peoples who whine about Western corporations obsequiously betraying them to the murderous regimes they’re trying to overthrow should really just shut the fuck up, because niktemadur wants privacy activists to focus on more important things!

      Come on, niktemadur, I know from watching your comments here that you know better than that.

      • niktemadur

        half as much and halfway there.
        I was going for a Pythonesque thing there, c’mon:
        “If you had half as much watching this show as we had making it, then we had twice as much fun as you did.”

      • niktemadur

        Plus the fact that I’m truly baffled at just how they come up with such incredibly abstract methods to do something like this.

        • Gulliver

          Well, you see, a physicist, a cryptographer and a Java developer walk into a bar and all say, “I’ll have a cold one.”

          The bartender balks, “You haven’t paid your tab from your last fetch-execute cycle, I’ll need to hack some collateral this time.”

          The physicist says to the cryptographer, “Give her your iPhone,” but the cryptographer replies, “And void my $100 service plan? You’re nuts!”

          So the physicist turns to the Java developer and says, “Give her your Android.”

          The developer asks, “Where’s your phone,” to which the physicist says, “I left it in a parallel joke.” So the developer sighs, “What the dev hell, I voided the warranty fifteen minutes after activating it anyway.” He encrypts it, hands it to the bartender and says, “Don’t lose it.”

          She replies, “I’ll put it somewhere safe.”

  • DIIIIIIVE!!

    And twenty years ago this was already being done to car radios to reset their codes.