Your one-stop web resource providing safety and security information to manufacturers

There is a new way to freeze out the security on encrypted Android phones, just stick the device in a freezer next to the ice cubes and ice cream.

Freezing the device does work, even on those fully encrypted and have locked bootloaders, according to researchers at Friedrich-Alexander University (FAU) in Germany. They call their toolkit for the exploit, FROST, which stands for Forensic Recovery Of Scrambled Telephones.

Q4: Android Marked for Malware
HTC will Fix Holes in Mobile Devices
BYOD Growth Brings Security Fears
SAS: Keeping an Eye on Mobile Devices

“Scrambled telephones are a nightmare for IT forensics and law enforcement, because once the power of a scrambled device is cut any chance other than brute force is lost to recover data,” the FAU team said.

Disk encryption came into play for Android in Version 4.0, or Ice Cream Sandwich. The researchers used a Samsung Galaxy Nexus to demonstrate FROST in a step-by-step tutorial posted to their website.

Schneider Bold

The idea behind the exploit is information stored in RAM remains present for much longer if the temperature is cold, which means it can be possible to access decryption keys stored in the phone’s memory if it’s done quickly enough.

By chilling a well-charged phone to about minus 10 degrees Celsius, then turning it off and on again as fast as possible (the team recommended simply popping the battery in and out quickly) and booting it into recovery mode, attackers could grab data like photos, Web history and phone contact lists from the device using custom software developed by the German researchers.

If the phone has an unlocked bootloader, the software can even snare encryption keys from the vulnerable RAM, allowing for full access to everything stored on the device.

Pin It on Pinterest

Share This