Danger on ice: Android info thaws in cold boot attack

Feb 18, 2013 by Nancy Owano report
Danger on ice: Android info thaws in cold boot attack

(Phys.org)—Can low temperatures yield access to information in the phone's memory? Researchers found that a "FROST" attack can unlock an Android's phone data. Their research findings discuss how hackers can freeze their way into a phone's sensitive data. Researchers at Erlangen University in Germany showed how their cold boot attack method was able to read information from a Samsung Galaxy Nexus running the latest version of Android.

They said the hack can be achieved even if the phone is protected by a PIN and with its storage disk encrypted. They said they chose the from Samsung because it was the first device with Android 4.0 and consequently it was the first Android-based smartphone with encryption support. Also, since it is an "official" phone, they added, it carries an official Android version from Google unmodified by the phone manufacturer. They said that Google releases are most amenable for in-depth security analysis.

In their paper, they wrote, "We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung."

Authors Tilo Mueller and Michael Spreitzenbarth of the Friedrich-Alexander University of Erlangen-Nuremberg discovered that Android's boot sequence enabled them to perform cold boot attacks, and they observed how valuable information can be retrieved from RAM. According to the researchers, such cold boot attacks can allow the retrieval of sensitive information such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked. By chilling the Galaxy , the researchers could bypass security settings and read from the phone's memory. The recovery tool FROST stands for Forensic Recovery of Scrambled Telephones.

In chilling the phone to freezing temperatures, the information lingered on in memory for five or six seconds, which was long enough to pull data out with a computer.

Mueller and Spreitzenbarth found they could read data that included images, e-mails and web browsing history.

Their research is not a first in explorations into cold-boot attacks, which were in evidence as early as 2008, shown on PCs. Their research, however, focused on mobile devices.

The authors referred to data remanence, where the computer RAM holds residual information briefly even after the computer is shut down. Mueller observed that in cooling the phone the contents are lost in five or six seconds, enough time to reboot the phone and access the memory. Rebooting a phone more often may leave less in its memory.

On the flip side, their research is not only a warning for users but may be helpful for forensic experts who attempt to recover data from a seized phone.

Explore further: Android gains in US, basic phones almost extinct

More information: www1.informatik.uni-erlangen.de/frost
www1.cs.fau.de/filepool/projects/frost/frost.pdf

Related Stories

Google working on phone with built-in payment tool

Nov 16, 2010

Google Inc. is taking another stab at designing a game-changing mobile phone, this time by including a built-in payment system that could eventually enable the devices to replace credit cards.

Recommended for you

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

gwrede
5 / 5 (1) Feb 18, 2013
I experimented with my VIC-20 in the early eighties, and found out that its RAM retained all data very reliably if I pulled the power plug for less than a quarter of a second. I then used this for debugging.

Later I had a handy friend install a real Reset Button on it, which felt like real luxury.
PPihkala
5 / 5 (1) Feb 18, 2013
VIC-20 had static RAM (SRAM) while current memories are almost exclusively Dynamic RAM (DRAM). SRAM stores the information in the way the currents flow inside it, whereas DRAM stores the information into tiny capacitors. The charge in those capacitors discharges with time, so each one is refreshed at regular intervals while the memory is in use. The colder the memory the longer it takes to bleed the charge from it's cells. And that is exploited in these cold attacks. They could put sensitive info into SRAM, because that will lose it's state immediately when the current is interrupted. Of course they would need to put those memories into the devices first, before they could use this method.
antialias_physorg
1 / 5 (2) Feb 18, 2013
Yay for the guys from my alma mater.
baudrunner
3 / 5 (2) Feb 18, 2013
Looks like an oversight by the manufacturers. The issue of data remanence could be easily resolved by draining all the energy immediately during shutdown by adding an emitter-follower cascade circuit, much like those used in solid state refrigeration devices.

More news stories

Hackers of Oman news agency target Bouteflika

Hackers on Sunday targeted the website of Oman's official news agency, singling out and mocking Algeria's newly re-elected president Abdelaziz Bouteflika as a handicapped "dictator".

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...