At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently encrypts user partitions. On the downside, encrypted smartphones are a nightmare for IT forensics and law enforcement, because brute force appears to be the only option to recover encrypted data by technical means. However, RAM contents are necessarily left unencrypted and, as we show, they can be acquired from live systems with physical access only. To this end, we present the data recovery tool Frost (Forensic Recovery of Scrambled Telephones). Using Galaxy Nexus devices from Samsung as an example, we show that it is possible to perform cold boot attacks against Android smartphones and to retrieve valuable information from RAM. This information includes personal messages, photos, passwords and the encryption key. Since smartphones are seldom switched off, and since the tools that we provide need not be installed before the attack, our method can be applied in real cases.