How secure is Android? Until the first frost.

  • 9 April 2013
  • 7 replies

Userlevel 7
Android Phones Release Confidential Contents When Frozen
 
Android is the world’s most popular smartphone operating system, but it’s also the least secure: Most security firms agree that Google’s little green robot is the most popular place for new malware.

While Android is exceedingly susceptible because its code is famously open source, a team of German researchers have discovered a new vulnerability in the operating system, which essentially bypasses Google’s data scrambling encryption system introduced in Android 4.0 Ice Cream Sandwich to reveal the phone’s hidden data.

Engineers at the Friedrich-Alexander University in Erlangen, Germany, released a report on Thursday that explains how freezing an Android phone can help law enforcement or forensic workers expose a scrambled Android phone’s contact lists, photos, browsing histories and more.
 

7 replies

Userlevel 7
This security hole is really NOT cool in my opinion.  Thanks for the article Petr!
Userlevel 7
Yes, you're right David, at first I thought it was a joke, but after reading the article completely I got scared. Fortunately, the freezing weather is hopefully over, so developers have all spring and summer to address this flaw 😃
Userlevel 7
True for us.. but our friends in the Southern Hemisphere might want to keep their phones in a nice warm inner pocket with cold weather approaching for them!
Userlevel 7
Hello Webroot folks!

This issue is of quite a scientific nature, but I would like to hear an erudite opinion, so can I ask Jim, Mike, Yegor or Roloc, or anyone else, to comment on it?

Thanks in advance.
Userlevel 7
It's interesting to me that the way they did this involved leaving it in a freezer while it was on and then replacing the battery in a split second. It's a legitimate proof of concept, but how often is a phone thief going to be willing to employ the use of a freezer and have such amazing dexterity to do something within a 500ms window? So it's a legitimate threat vector, but probably one that will seldom be used.

Of course, Webroot users can wipe their Android device remotely if necessary if the device is stolen.
Userlevel 7
Thanks Jim for your point of view. I admit it is very valid.
Userlevel 7
Another reason not to live in Minnesota in the winter.
