“Frost Attack” (Forensic Recovery Of Scrambled Telephone)
German researchers were able to retrieve personal data from a Samsung Galaxy Nexus Android device, after putting it in a freezer (below -10°C) to circumvent the encryption system.
Google's encryption system in version 4.0 of Android (Ice Cream Sandwich) protects users from data theft in case of device loss. The “Frost Attack” method takes advantage of the fact that data in RAM does not fade easily at such low temperatures.
The two researchers at the University of Erlangen in Germany (Fridrik and Alexander) put the phone into a freezer for about 60 minutes, at about -10°C. Then they deployed a cold boot attack against it.
They booted the device into ‘fastboot’ mode rather than into Android. In the final step, the device was connected to a computer running Linux with the fastboot utilities installed, and they flashed it with the Frost image, through which they retrieved the encryption keys stored in RAM.
With the “Frost Attack” process, they were able to recover all data stored in the device’s RAM, including photos, contact lists and web browsing history.
The research team argues that it developed the Frost software to be able to retrieve useful data from the mobile phones of suspects. But they are now trying to find ways to protect devices from cold boot attacks, so that the keys are not stored in RAM, but only in the processor’s memory.