
Unscrambling an Android Telephone With FROST

Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."

  • by nefus ( 952656 ) on Thursday February 14, 2013 @10:44AM (#42895409) Homepage
    As far back as the late 1980s we used freezers on hard-drives to recover data. It helped against various over-heating issues so you could recover just a little bit more data each time you used the drive. Every few years you hear about some other method to recover data with a freezer, including putting a device in the freezer. Funny how it always works. All hail the freezer!
  • by Anonymous Coward on Thursday February 14, 2013 @11:09AM (#42895635)

    To expand on why this works.
    The RAM in a phone is dynamic RAM.
    It does not store data when unpowered, but needs that data to be periodically refreshed many times a second.
    It turns out, that especially when cooled, the RAM may in fact retain information for some period short enough to allow the device to be unpowered and repowered, and essentially retain all its data. (there may be a few errors).

    This, combined with booting into a new OS which then allows you to dump or do other things to the RAM enables the attack.

  • by tlhIngan ( 30335 ) <slashdot.worf@net> on Thursday February 14, 2013 @12:36PM (#42896493)

    It turns out, that especially when cooled, the RAM may in fact retain information for some period short enough to allow the device to be unpowered and repowered, and essentially retain all its data. (there may be a few errors).

    Actually, the period can be quite significant. One of my projects involved a kernel that could only dump messages to RAM. To get it out, I'd reboot the board and dump the log buffer. At regular room temperature, but elevated board temperature (the CPU was running for a good tilt so the board heated up), a power cycle (under 1s) would let you read it out perfectly. After 10s off, you could see corruption but it was mostly readable. After 30s or so, it was barely readable.

    It appears the main physical phenomenon is that the memory capacitors "distort" ever so slightly so the RAM doesn't completely power up randomly, but is influenced by what was held there previously. It's a time-related thing as well - a memory cell that was rapidly cycled would tend to have a lower time before corruption than a cell which held data statically for a long time. Since encryption keys tend to fall in the latter, the memory tends to stay that way a bit longer (unless the code periodically switches memory buffers and scrubs the old one - it doesn't take much - just store a new pattern in them and it'll overwrite the old one).

    Sections 7 and 8 of the famous Gutmann paper [auckland.ac.nz] detail this effect in memory as well (you may recall the paper dealt with recovery of data off hard drives - but it also dealt with semiconductor nonvolatile memory as well).

    A followup paper (PDF) [cypherpunks.to] goes into more detail on semiconductor memory including flash storage.
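
The mitigation mentioned in the comment above (periodically switch memory buffers and scrub the old one by storing a new pattern in it), sketched as an added example that is not part of the original thread. The `key_holder` structure, the function names and the test key are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical key holder: two slots, only one holds the key at a time. */
struct key_holder {
    uint8_t slot[2][KEY_LEN];
    int active;                  /* index of the slot holding the key */
};

/* Volatile stores, so the compiler cannot drop the writes as dead stores. */
static void scrub(uint8_t *p, size_t n, uint8_t pattern)
{
    volatile uint8_t *vp = p;
    while (n--) *vp++ = pattern;
}

void key_holder_init(struct key_holder *kh, const uint8_t *key)
{
    kh->active = 0;
    memcpy(kh->slot[0], key, KEY_LEN);
    scrub(kh->slot[1], KEY_LEN, 0x00);
}

/* Move the key to the other slot, then scrub the old one (run periodically). */
void key_holder_rotate(struct key_holder *kh)
{
    int old = kh->active;
    memcpy(kh->slot[old ^ 1], kh->slot[old], KEY_LEN);
    kh->active = old ^ 1;
    scrub(kh->slot[old], KEY_LEN, 0xFF);   /* store an all-ones pattern */
    scrub(kh->slot[old], KEY_LEN, 0x00);   /* then an all-zeros pattern */
}

/* Constructed key 0x01..0x20. Returns 1 if after every rotation the key is
 * intact in the active slot and the idle slot holds no key bytes. */
int demo_rotation(int rounds)
{
    struct key_holder kh;
    uint8_t key[KEY_LEN], idle = 0;
    for (int i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(i + 1);
    key_holder_init(&kh, key);
    for (int r = 0; r < rounds; r++) {
        key_holder_rotate(&kh);
        if (memcmp(kh.slot[kh.active], key, KEY_LEN) != 0) return 0;
        for (int i = 0; i < KEY_LEN; i++) idle |= kh.slot[kh.active ^ 1][i];
    }
    return idle == 0;
}
```

Rotation limits how long any one cell statically holds a key bit, which is the effect the comment describes; it does not protect the slot that is live at the moment RAM is dumped.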
