[guardian-dev] Fwd: [OTR-dev] OTR and Cold Boot Attacks
frank at ccc.de
Wed Feb 1 16:15:47 EST 2012
Wiping the memory once the temperature measured by the devices onboard temperature sensor might be a bit tricky, given the current freezing temperatures. Probably necessary to do a temp-recording test series first to calibrate for "normal" vs. "intentional freezing".
Greetings from Berlin,
On 01.02.2012, at 21:58, Jacob Appelbaum wrote:
> On 02/01/2012 11:28 AM, Hans-Christoph Steiner wrote:
>> This is something we should also deal with in Gibberbot, but I don't think its urgent. Cold boot attacks are still rare and difficult, and its very hard to script physical actions like grabbing a phone, freezing it, etc. ;)
>> I guess the core idea is to write over the unencrypted message contents in memory once the data has gotten to where it needs to go.
>> That reminds me, we should have a "no logging at all" pref in Gibberbot so that unencrypted messages are never stored anywhere. It'll be annoying, because if you switch away from Gibberbot and it gets killed by Android, when you come back, the messages will all be gone.
> Just FYI - I've been contacted for years by many different agencies and
> companies wanting to weaponize the Cold Boot Attack. I declined every
> single offer but it was clear that someone would eventually bite; I
> believe the DHS/ICE has a way to do it at airports for laptops and phones.
> So I'd say "urgent" but you know, I'm biased. :)
> All the best,
> Guardian-dev mailing list
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/frank%40ccc.de
> You are subscribed as: frank at ccc.de
More information about the Guardian-dev