The team have been experimenting on a Samsung Galaxy Nexus to see if the ‘cold boot’ attack that has been tried and tested on PCs and laptops will also work on phones. The team froze the handset until it reached -10C as a way of getting around the encryption system - implemented by Google with the Android Ice Cream Sandwich OS - that protects phone data by scrambling it.
They discovered that connecting and quickly disconnecting the battery leaves the frozen phone in a vulnerable mode (when chips are chilled, data fades much more slowly from the memory) which allowed them to start the handset up with custom made software; as opposed to the Android OS. They could then copy the data directly from RAM and analyse it on another device. Revealed was sensitive information such as contact lists, search history and photos.
The scrambling system is arguably good for end users; ensuring their information remains confidential, but is a ‘nightmare’ for forensic and law enforcement workers. The tool the team use for unscrambling data is FROST, an acronym of "forensic recovery of scrambled telephones”. Good work indeed.
Check out the trio’s blog for more information on your mobile phone security.
