Freezing an Android smartphone circumvents its encryption

Security researchers have discovered a major vulnerability in Android phones that allows encryption to be circumvented if the device is frozen for an hour.

 
A team at Friedrich-Alexander University in Erlangen, Germany, tested the method by leaving Android phones in a freezer until they fell below -10 degrees Celsius. According to the BBC, this revealed previously scrambled data, including contact lists, browsing histories, and photos.
 
Google added the encryption feature as part of the Ice Cream Sandwich update to Android. The feature has presented difficulties for law enforcement, but has protected the identities and data of users. All of that protection is now at risk with just a change of temperature.
 
Once an Android phone reaches sub-zero temperatures, the battery can be quickly disconnected and reconnected, which allows new software to be loaded instead of Android itself. The team developed software called FROST (Forensic Recovery of Scrambled Telephones), which lets them copy data from the phone for analysis on a computer.
 
The researchers were also able to take advantage of the fact that memory data fades more slowly when the chips are cold, giving them time to hack the system and steal the encryption keys for even more access to potentially sensitive information.
 
This form of hacking, known as “cold booting,” has been previously used on computers, but this is the first time it has been demonstrated on a mobile phone. Smartphones might have much of the functionality of normal computers, but it seems they also have many of the same vulnerabilities.
 
The team are now working on a way to protect devices from the exploit.
 
Source: BBC