
Frozen Android phones give up data secrets - iProject
http://www.bbc.co.uk/news/technology-21697704
======
lucian1900
This really has nothing to do with Android, or even phones. It's a well-known
exploit that works against most devices.

~~~
martinced
And the defense is well-known too, right?

~~~
lucian1900
Yes, don't get your device in the hands of attackers.

~~~
ben1040
And keep your bootloader locked. It's nice that you _can_ do this on many
devices but you probably _shouldn't_ if you care enough to encrypt your data.

They used fastboot mode to boot a custom recovery image to perform the cold
boot attack. I imagine it would have to be much more difficult if you couldn't
boot unsigned code.

At least on Nexus devices unlocking the bootloader results in a data wipe, in
an attempt to mitigate some of this risk. Otherwise someone can just take your
phone from you, unlock the bootloader, and do who knows what to it.

Similarly, don't leave USB debugging mode on when you're not using the device;
with that on you can extract tons of data whether the phone is encrypted or
not (since the user data volume is decrypted when it's mounted at boot time).
USB debugging is how many of the Cellebrite and other forensic extractors
work: http://www.cellebrite.com/forensic-solutions/android-forensics.html

They've done some work to address this in Android 4.2.2, where now there's a
key exchange taking place as part of the debug mode handshake and you're
prompted on the device to accept the signature. If the device is locked then
the attacker wouldn't be able to answer the prompt.
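
The settings raised in the comment above (bootloader lock, USB debugging, the 4.2.2 debug-host prompt, encryption) can be checked from a saved `adb shell getprop` dump. This is an added example, not part of the thread; the property names `ro.boot.flash.locked`, `ro.crypto.state` and `ro.adb.secure` are assumed to be exposed by the build (vendor and older builds may differ), and the sample dumps are constructed.

```python
import re

# Constructed samples of `adb shell getprop` output (not from a real device).
SAMPLE_WEAK = """\
[ro.build.version.release]: [4.1.2]
[ro.boot.flash.locked]: [0]
[ro.crypto.state]: [encrypted]
"""
SAMPLE_HARDENED = """\
[ro.build.version.release]: [4.2.2]
[ro.boot.flash.locked]: [1]
[ro.crypto.state]: [encrypted]
[ro.adb.secure]: [1]
"""

PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(getprop_text, usb_debugging_on):
    """Return findings for the settings discussed in the thread."""
    p = parse_getprop(getprop_text)
    findings = []
    locked = p.get("ro.boot.flash.locked")  # assumed property name
    if locked == "0":
        findings.append("bootloader-unlocked")
    elif locked != "1":
        findings.append("bootloader-state-unknown")
    if p.get("ro.crypto.state") != "encrypted":
        findings.append("userdata-not-encrypted")
    if usb_debugging_on:
        findings.append("usb-debugging-on")
        release = tuple(int(n) for n in re.findall(r"\d+", p.get("ro.build.version.release", "")))
        # Host-key prompt for adb arrived in 4.2.2 and depends on ro.adb.secure=1.
        if release < (4, 2, 2) or p.get("ro.adb.secure") != "1":
            findings.append("adb-host-not-authenticated")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_WEAK, True))
    print(audit(SAMPLE_HARDENED, False))
```

A missing lock property is reported as unknown rather than treated as locked, since builds that do not expose it cannot be assumed safe.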

