A spell in the freezer unlocks Android RAM data

Just putting an Android phone in a freezer can be enough to make it vulnerable to attack, say researchers who have demonstrated the exploit.

Dubbed ‘Frost‘, the technique was devised by two researchers from Germany’s Erlangen University, who present it as a way for forensic law enforcement to gather data from a scrambled phone with a locked bootloader.

“To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM,” they say. “We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung.”

The technique involves putting the phone into a plastic bag in a freezer for about an hour at a temperature below 10 degrees Celsius. This apparently increases the success of cold boot attacks considerably, as RAM contents fade away more slowly if RAM chips are cold. It’s a phenomenon known as remanence.

“If you accidentally pull the plug out of the wall before you’ve saved that fantastic new presentation, don’t expect to get it back,” explains Paul Ducklin of Sophos.

“But if you can cycle the power quickly enough, and reboot under your own control from some secondary device, such as a USB key, you might be able to see the ghostly remnants of what the previously-running operating system was up to.”

Once the phone’s nice and chilly, it is then rebooted by quickly unplugging and then returning its battery, after which the researchers’ fastboot flash recovery frost.img is downloaded.

The researchers say they were able to access sensitive information, such as contact lists, visited web sites and photos and even the encrption key, directly from RAM.

“Since smartphones get switched on only seldom, and since the tools that we provide must not be installed before the attack, our method can be applied in real cases,” they say.