A group of security researchers out of Germany published a report in which they describe making an Android-based phone vulnerable to an attack simply by sticking the device in a freezer.
German researchers were able to hack into an Android-based smartphone by freezing it.
The team at Erlangen’s Friedrich-Alexander University wrote in a blog post that they placed a Galaxy Nexus smartphone (Samsung) running Android mobile operating system “Ice Cream Sandwich” in a freezer for about an hour until the device had cooled to -10ºC (14ºF). They found that when the phone was in this physical state, quickly connecting and disconnecting its battery allowed them to bypass the system’s data-scrambling system. They then started the phone up while connected to a standalone computer running custom-built software, aptly referred to as “FROST” (Forensic Recovery of Scrambled Telephones), which allowed them to see and retrieve the phone’s data, which they could then decipher and analyze on the computer.
The reason why this works is because memory fades from computer chips much more slowly when it’s cold. This gradual pace affords the team more time to go in and grab data, including encryption keys, contact lists, pictures, messages, web-browsing history, and more.
The team’s next move comes in two parts — first, they plan on seeing what other Android-based devices are susceptible to this sort of loophole, then they intend on figuring out ways to prevent this sort of attack.
Specifically, they intend on working on a method that ensures the device’s encryption keys are never put in vulnerable memory chips.
Read the group’s full blogpost at informatik.uni-erlangen.de/frost