Blog

Ice Ice, Data

I've been talking about the need for a multi-layer approach to security for years, particularly when I hear about companies relying on encryption alone.

I've been talking about the need for a multi-layer approach to security for years, particularly when I hear about companies relying on encryption alone. There are the usual vulnerabilities that have been around for a long time, and then there are (rather strange) weaknesses that pop up everyday. Check out Darren Pauli's SC Magazine article that talks about cracking encrypted Android data by literally freezing the device: Researchers have cracked encrypted user data on an Android phone by placing the device in a freezer to preserve RAM. In doing so, they demonstrated that Android's implementation of full disk encryption, introduced in version 4 (Ice Cream Sandwich), was vulnerable to so-called cold boot attacks. The attacks have been known for years but have not been applied to Android, the researchers said. It's quite simple: don't rely on encryption alone. Or, to keep with the "frozen" theme: "Don't leave your data out in the cold. Insulate it with data masking." (Seriously.)