It sounds like more of a scene from a comic book movie, but freezing appears to be the latest threat for some Android devices. Chilling a phone in an extremely cold freezer can unlock the phones recent memory including images, emails, texts and web browser history.
Researchers Tilo Mueller and Michael Spreitzenbarth of Erlangen University in Germany have unveiled what they believe will be the newest way to retrieve data from locked or encrypted Android Phones. It is called FROST and it stands for Forensic Recovery of Scrambled Telephones.
The method involves freezing a phone, then pulling the battery and booting into Androids fastboot mode. Just after the fastboot procedure is complete, run the ‘FROST’ software and the phones memory can be dumped via USB. Now it is a bit more complicated than that, but it is a very high level overview of exactly what happens. It is possible because of how RAM works with storing temporary files.
“RAM doesn’t lose its content immediately,” says Mueller. “If it’s 30 degrees Celsius, it’s lost in one or two seconds. But if you cool the phone, the contents are lost in five or six seconds. That gives us enough time to reboot the phone and access the memory.” This method is not exactly new, but it is the first time it has been completed on mobile devices instead of on PC’s.
When Google launched their Android version 4.0 (Ice Cream Sandwich) in late 2011, they also finally offered users a disk encryption feature which protected end users data. This change was great for corporate security needs, but it is a rather tough pill for IT forensics and certain law enforcement officials looking for specific data on locked phones. They were no longer able to easily gain needed access to any Android phone.
Once the FROST software has access to the phones RAM, users are able to find the key to the encrypted storage and in some cases this means gaining full device access. One setback is finding a phone with a locked bootloader. The locked bootloader is a thorn in the side of many phone modders as it complicates or disables many custom ROMS. Even with a locked bootloader the FROST tool can gain access to the phones RAM and depending on its last reboot, this could contain personal data including address books, photos, emails, web history and text messages.
While this method is not something your everyday phone thief is going to have access to or even attempt, it is another security concern for Google. Since the tool requires a key found in RAM, the chances of them finding the key are diminished if the phone has recently been rebooted. The longer the time between reboots means more potential data can be found in its RAM. A reboot a day, could keep the hackers at bay.