Frozen Android phones give up data secrets

Image caption, Chilling a phone makes its contents vulnerable to copying

Freezing an Android phone can help reveal its confidential contents, German security researchers have found.

The team froze phones for an hour as a way to get around the encryption system that protects the data on a phone by scrambling it.

Google introduced the data scrambling system with the version of Android known as Ice Cream Sandwich.

The attack allowed the researchers to get at contact lists, browsing histories and photos.

Cold start

Android's data scrambling system was good for end users but a "nightmare" for law enforcement and forensics workers, the team at Erlangen's Friedrich-Alexander University (FAU) wrote .

To get around this, researchers Tilo Muller, Michael Spreitzenbarth and Felix Freiling from FAU put Android phones in a freezer for an hour until the device had cooled to below -10C.

The trio discovered that quickly connecting and disconnecting the battery of a frozen phone forced the handset into a vulnerable mode. This loophole let them start it up with some custom-built software rather than its onboard Android operating system. The researchers dubbed their custom code Frost - Forensic Recovery of Scrambled Telephones.

The Frost software helped them copy data on a phone that could then be analysed on a separate computer.

A chilled phone also helped their hacking project. Data fades from memory much more slowly when chips are cold which allowed them to grab the encryption keys and speed up unscrambling the contents of a phone.

PhD student Tilo Muller told the 大象传媒 that the attack generally gave them access to data that had been put in memory as users browsed websites, sent messages or shared pictures.

The researchers tested their attack against a Samsung Galaxy Nexus handset as it was one of the first to use Android's disk encryption system. However, they said, other phones were just as likely to be vulnerable to the attack. The team are planning further tests on other Android handsets.

While the "cold boot" attack had been tried on desktop PCs and laptops, Mr Muller said the trio were the first to try it on phones.

"We thought it would work because smartphones are really small PCs," he said. "but we were quite excited that the trick with the freezer worked so well."

The German research group is now working on defences against the attack that ensures encryption keys are never put in vulnerable memory chips. Instead they are only used in the memory directly attached to a phone's processor.