If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(BBC)   Researchers bypass Android phone's encryption system by freezing it. In this context freezing is not a hacking term   (bbc.co.uk) divider line 16
    More: Interesting, Android Phone, Android, ice cream sandwich, FAU  
•       •       •

3527 clicks; posted to Geek » on 07 Mar 2013 at 9:18 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



16 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2013-03-07 09:18:43 PM  
So the laws of physics trumps security.  hmmm
 
2013-03-07 09:30:26 PM  
Freezing a memory chip so you can grab the encryption key before it clears isn't an Android vulnerability at all, it's a general hardware flaw.

But I guess throwing the Android brand into the headline makes it sound scarier, thus getting more clicks.
 
2013-03-07 09:33:17 PM  
 
2013-03-07 09:33:36 PM  
I remember reading about this a couple of weeks ago.  I seem to recall this particular method would only work if you had disabled a certain feature on your phone so that you could flash the ROM.
 
2013-03-07 09:37:47 PM  

MrEricSir: Freezing a memory chip so you can grab the encryption key before it clears isn't an Android vulnerability at all, it's a general hardware flaw.

But I guess throwing the Android brand into the headline makes it sound scarier, thus getting more clicks.


Well in fairness this is the first time it's been shown to work with an Android device.  And they did mention that this method had been tried on PCs and laptops before, though they did throw it in at the end of the article.
 
2013-03-07 10:14:31 PM  
This is because Android is...

THE DEVIL!!!!


(brought to you by Apple)
 
2013-03-07 10:36:37 PM  

Neondistraction: I remember reading about this a couple of weeks ago.  I seem to recall this particular method would only work if you had disabled a certain feature on your phone so that you could flash the ROM.


The description of it I read stated that they loaded in their own custom recovery image, which requires an unlocked bootloader. So this wouldn't work on a stock android install.

WIth some of the nexus devices, if you root them you can relock the bootloader via an ap.  So that might be wise for the security paranoid.
 
2013-03-07 11:01:36 PM  
Old news actually. This has been done with windows laptops a few years back.
 
2013-03-07 11:08:23 PM  
Huh. Never heard of that before.
 
2013-03-07 11:42:43 PM  
It's always refreshing to see there's still things science can teach us about technology. Like the article says, remember to heat your phone to protect from internut hackers! I like to cover my plucky little guy in a nice freshly cracked hand warmer and duct tape. God bless O:-)
 
2013-03-07 11:44:21 PM  

MrEricSir: Freezing a memory chip so you can grab the encryption key before it clears isn't an Android vulnerability at all, it's a general hardware flaw.

But I guess throwing the Android brand into the headline makes it sound scarier, thus getting more clicks.


Who could resist the coincidence that this encryption was introduced in Ice Cream Sandwich?
 
2013-03-08 12:26:51 AM  
So they adapted a known attack (which is also one of my interview questions) to a new platform.  Yawn.

/they didn't have to work so hard to hack android - there are easier ways
 
2013-03-08 12:35:02 AM  
If I read the article correctly, they bypassed the phones OS, ran their own code and managed to read the flash chips?  Wow... Almost like a custom OS that dumps out ROM files.  So what was the freezer for?

Am I missing something here?
 
2013-03-08 01:40:42 AM  

trialpha: Neondistraction: I remember reading about this a couple of weeks ago.  I seem to recall this particular method would only work if you had disabled a certain feature on your phone so that you could flash the ROM.

The description of it I read stated that they loaded in their own custom recovery image, which requires an unlocked bootloader. So this wouldn't work on a stock android install.

WIth some of the nexus devices, if you root them you can relock the bootloader via an ap.  So that might be wise for the security paranoid.


Yes, thank you, that's what I read as well.

The6502Man: If I read the article correctly, they bypassed the phones OS, ran their own code and managed to read the flash chips?  Wow... Almost like a custom OS that dumps out ROM files.  So what was the freezer for?

Am I missing something here?


The newest version of Android actually encrypts the disk when your phone is locked.  The decryption key is apparently stored in the phone's RAM.  Normally when RAM loses power the data stored on it is lost fairly quickly.  By freezing it, they reduced the amount of time it takes for that data to degrade.  They then load their custom software that is apparently able to read the decryption key and unlock the data on the device.
 
2013-03-08 04:46:05 AM  

MrEricSir: Freezing a memory chip so you can grab the encryption key before it clears isn't an Android vulnerability at all, it's a general hardware flaw.

But I guess throwing the Android brand into the headline makes it sound scarier, thus getting more clicks.


Also, if someone has your device and wants the data on it, you're farked. No matter which OS you use. This is a 'vulnerability' in much the same way that leaving a car unlocked with the driver door wide open is a 'vulnerability'.
 
2013-03-08 06:59:35 AM  

The6502Man: If I read the article correctly, they bypassed the phones OS, ran their own code and managed to read the flash chips?  Wow... Almost like a custom OS that dumps out ROM files.  So what was the freezer for?

Am I missing something here?


They read old data from the RAM. The data should have dissapeared after reboot due to loss of power, but the freezing kept it around.
 
Displayed 16 of 16 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report