,

FROST attack Stuns Android Phones Users

frost attackSecurity of any nature is a very important aspect which should never be taken for granted. Most people tend to use the internet to act as a secondary storage area where they can store some of their valid information. They do this with their utmost confidence that the system is secure enough to protect their data. In most cases the endeavor is successful while in other cases it ends up with fatal repercussions. All thanks to the hacker’s who are always trying to break down the system and use it to their advantage. The so called cyber crimes have been experienced and are still being experienced today. Android phones are their latest victims.

The FROST attack method is the latest technique being used to hack into the Smartphones. So it wouldn’t be a surprise if the next time you misplace your Smartphone, you begin by checking the freezer. A group of Scholars at Friedrich-Alexander University have discovered that Android Smartphone devices running on versions 4.0 (Ice Cream) are the most susceptible gadgets to this chilling technique. According to them, you only need to freeze your device up to 15 degrees Celsius for about 1 hour, repeatedly pop the battery on and off the phone in short bursts then it’s all systems go. Another method that can be used to achieve this include; repeatedly powering on and off the phone while at the same time holding down the volume buttons. This should be done immediately after the device is off the freezer.

They said that the cold temperatures allowed one to easily bypass the encryption system on your Android device hence granting you access to the web sites visited, contact lists, and even your photos. How is this even possible? The researchers said that the cold temperatures have a tendency of allowing the data stored in the RAM of your device to hang around a little bit longer. It is quite simple, the colder the temperatures the longer the data exposure periods.

Via CNET

2 Comments

Leave a Reply
  1. This isn’t really a description of the actual attack. The “freezing” part doesn’t magically allow one access to the phones data. Everyone seems to be writing and talking about this “attack” as though one would simply freeze the phone, pop the battery in and out a few times, and then boot it up and get access to the phone. It’s a lot more involved than that.

    The attack itself has been publicized for sometime and works with any system that would be storing the encryption keys required to access its data in the system RAM. Normally it is assumed that when one powers down RAM, all the data is lost. By bringing the RAM to low temperatures, the data on the RAM erases at a much slower rate.

    After slowing down the decay of the data in RAM, the memory modules must be accessed (in this case via an application launched on the phone) and the data stored copied and analyzed before it erases. During this time the attacker would copy the data to another medium such as an SD card or thumb-drive for future retrieval purposes. Now the keys can be analyzed from the dump of memory and the device encryption can be bypassed.

    It’s not just as simple as popping it in a freezer and playing musical chairs with the freakin’ battery. Stop writing about it like it is. All it does is betray your ignorance on a pretty simple technical issue.

  2. Old news. Please stop talking about it. Who cares? I doubt that somebody is going to steal my phone and freeze it, and if they do, they get to see my contact list and web history? Big deal! Stop going on and on about this non-issue.

Leave a Reply

Your email address will not be published. Required fields are marked *