Martin Shelton

1.5K Followers
·
About
Follow

Great article. I wish there was one for the UK that covered our laws as thoroughly.
1

Daniel Fox

Martin Shelton

Jan 5, 2017·1 min read

Appreciate the thoughts. My understanding is that on Android devices, cryptographic keys are recoverable when sitting in RAM. For normal users, punching in their password once means they have their cryptographic keys in RAM until they restart their phone, even when the device is locked. If the phone hasn’t been turned off or the attacker knows how to keep the keys in RAM (e.g., with a cold boot attack, like you described), the keys can be recovered. In effect, this means the phone needs to be turned off completely and given time to “cool down” for disk encryption to work.

More here:

The limitations of Android N Encryption

Over the past few years we've heard more about smartphone encryption than, quite frankly, most of us expected to hear…

blog.cryptographyengineering.com

Written by

Martin Shelton

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training

More from Martin Shelton

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training

More From Medium

Two-Factor Authentication for Beginners

Netflix’s ‘Keeper Test’ Is the Secret to a Successful Workforce

Trump, Michigan, and What the GOP is Actually After.

20 Things Most People Learn Too Late In Life

How Many American Idiots Are There? 73 Million.

5 Signs Your Relationship Has An Expiration Date

The Results You Can Expect From 40 Minutes of Exercise A Day

Google’s 3-Word Plan to Help Employees Avoid Burnout Is So Simple You Should Steal It

About

Help

Legal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store