Cracking Android’s full disk encryption

FROST

At the end of 2011, Google released version 4.0 of its Android operating system. For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks. On the downside, scrambled telephones are a a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut any chance to recover data other than bruteforce is lost. Continue reading “Cracking Android’s full disk encryption”

Cracking the Face Recognition Lock on Android

Since Android 4.0 is available, the user has the possibility to unlock his smartphone by looking in the front-camera. This feature is called face unlock.

Just some hours after Google has presented the new Android version including this feature, it was broken by some blogger who just hold a picture of the person the smartphone belongs to in front of the locked smartphone. As a proof, there are plenty videos on youtube. With this demonstration in mind, you have to come to the conclusion that face recognition isn’t a real lock feature, its more a fancy way of the old screen lock were you just have to swipe over the display. Continue reading “Cracking the Face Recognition Lock on Android”

Android devices and JTAG

Today I got some new toys to improve the forensic investigation process on smartphones. These tools allow to connect directly to the JTAG interface on the smartphone and so it should be possible to get a real dump of the memory.

I’m really excited how this works out 🙂