Android phones unlocked in "Frost" attack

News Stacy Warden 08:54, Feb 18 2013

Researchers reveal how to unlock Samsung Galaxy Nexus by cooling and rebooting

Android phones get a lot of flak in the security department. It would seem that Google's OS is forever in the spotlight for some gaping flaw in need of a fix. The latest discovery comes from researchers at Erlangen University in Germany. According to a report by Forbes, the research team proved that Samsung Galaxy Nexus handsets running the latest version of Android are susceptible to a little something called a "cold boot attack."

When this happens it allows those in possession of the phone to access the data on it. This is possible even when the device is protected by a PIN and has its storage disk encrypted. This method of unlocking the phone is known as FROST, which stands for Forensic Recovery of Scrambled Telephones. It's also a fitting acronym, as the handset must first be cooled to around five-degrees Fahrenheit (and then quickly rebooted).

Reportedly, a FROST attack has the ability to reveal boatloads of information on your Android including images, emails and web browsing history, among other personal information. Researchers Tilo Mueller and Michael Spreitzenbarth also found that, in some cases, they could decrypt the device's encrypted storage disk. From the report:

The attack, which was first shown on PCs in 2008 but has never before been applied to mobile devices, takes advantage of an effect known as the “remanence,” the lingering information that remains for a few moments in a device’s memory even when a power source has been removed. The colder the memory, the longer that information lingers. “RAM doesn’t lose its content immediately,” says Mueller. “If it’s 30 degrees celsisus, it’s lost in one or two seconds. But if you cool the phone, the contents are lost in five or six seconds. That gives us enough time to reboot the phone and access the memory.”

Samsung's latest version makes the FROST attack a bit trickier, as it automatically offers a form of protection by locking the bootloader and wiping the user partition if the phone is unlocked. However, this doesn't stop hackers from accessing data stored in RAM. 

[Image credit: Karmela Arocena]

For more Android news and updates on all things mobile, follow Stacy on Twitter


Sponsored Links