Tilo Mueller and Michael Spreitzenbarth, researchers from the Erlangen University in Germany, have come up with a clever attack method that allows them to recover information from locked Android devices.The experts explain that with the release of Android 4.0, the data stored on devices is encrypted, making it impossible for law enforcement and IT forensics teams to access it unless they can brute force the screen lock.
However, the tool set developed by the researchers, dubbed FROST, can be used to retrieve disk encryption keys from the smartphone’s random access memory (RAM). This is done by cooling the memory in a freezer to ensure that the information stored on it is not deleted too quickly.
Mueller has told Forbes that the information stored in the RAM is lost in one or two seconds if the temperature is around 30 degrees Celsius. However, if the temperature of the memory is lowered, the contents remain accessible for as many as five or six seconds, just enough to retrieve the data.
Once the phone is cooled down in a freezer, a fast boot is performed by removing and replacing the battery while holding the power and volume buttons.
The boot takes only half a second and the remaining time is more than enough to retrieve the contents of the RAM via USB.
In the more fortunate cases, the encryption keys can be recovered, allowing the attacker to gain complete access to the phone. In less fortunate scenarios – for instance, if the latest version of the operating systems installed on Samsung phones is used – the boot loader is locked and there’s no way of obtaining the encryption keys.
However, the RAM can still be accessed and considering that users rarely switch off their phones, the volatile memory can contain a lot of valuable information, from calendar entries, emails, SMSs, pictures, and address book contacts.
The researchers have demonstrated their findings on a Samsung Galaxy Nexus, and they believe it’s probably more tricky to reproduce on iOS devices.