Frozen Android phones give up data secrets

Screengrab of Frost software Chilling a phone makes its contents vulnerable to copying

Related Stories

Freezing an Android phone can help reveal its confidential contents, German security researchers have found.

The team froze phones for an hour as a way to get around the encryption system that protects the data on a phone by scrambling it.

Google introduced the data scrambling system with the version of Android known as Ice Cream Sandwich.

The attack allowed the researchers to get at contact lists, browsing histories and photos.

Cold start

Android's data scrambling system was good for end users but a "nightmare" for law enforcement and forensics workers, the team at Erlangen's Friedrich-Alexander University (FAU) wrote in a blogpost about their work.

To get around this, researchers Tilo Muller, Michael Spreitzenbarth and Felix Freiling from FAU put Android phones in a freezer for an hour until the device had cooled to below -10C.

The trio discovered that quickly connecting and disconnecting the battery of a frozen phone forced the handset into a vulnerable mode. This loophole let them start it up with some custom-built software rather than its onboard Android operating system. The researchers dubbed their custom code Frost - Forensic Recovery of Scrambled Telephones.

The Frost software helped them copy data on a phone that could then be analysed on a separate computer.

A chilled phone also helped their hacking project. Data fades from memory much more slowly when chips are cold which allowed them to grab the encryption keys and speed up unscrambling the contents of a phone.

PhD student Tilo Muller told the BBC that the attack generally gave them access to data that had been put in memory as users browsed websites, sent messages or shared pictures.

The researchers tested their attack against a Samsung Galaxy Nexus handset as it was one of the first to use Android's disk encryption system. However, they said, other phones were just as likely to be vulnerable to the attack. The team are planning further tests on other Android handsets.

While the "cold boot" attack had been tried on desktop PCs and laptops, Mr Muller said the trio were the first to try it on phones.

"We thought it would work because smartphones are really small PCs," he said. "but we were quite excited that the trick with the freezer worked so well."

The German research group is now working on defences against the attack that ensures encryption keys are never put in vulnerable memory chips. Instead they are only used in the memory directly attached to a phone's processor.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Shinji Mikamo as a boy, and Hiroshima bomb cloudLove and the bomb

    The Japanese man who lost everything but found peace


  • Northern League supporters at the party's annual meeting in 2011Padania?

    Eight places in Europe that also want independence


  • scottie dogShow-stealers

    How Scottie dogs became a symbol of Scotland


  • Hamas rally in the West Bank village of Yatta, 2006Hamas hopes

    Why the Palestinian group won't back down yet


  • The outermost coffin of Tutankhamun 'Tut-mania'

    How discovery of Tutankhamun's tomb changed popular culture in 1920s


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.