Android Exploit: Researchers Discover "FROST" Cold Boot Can Breach An Android Phone's Secure Data
The researchers at Erlangen University in Germany would like to offer some advice: don't put that Android 4.0+ phone in the freezer. It's been discovered that even on a phone with PIN security and encryption, data can be retrieved from the device via a cold boot attack - that is, the process of turning on the desktop, notebook, smartphone or et cetera and then sucking down the data stored in RAM before it's wiped clean during the boot process.
Normally, a "cold boot" attack doesn't actually refer to cold temperatures, but in this case it does. With the help of its "FROST" tool-set, the researchers found that when the Android phone is tossed into a -15°C freezer for up to an hour, it adds a couple of seconds of time to the boot sequence and in effect allows an attacker to gain access to more data than they normally would. While a normal user is never going to subject their phones to conditions like that on purpose, if an attacker is in possession of your phone, they can probably afford to wait while it chills.
This kind of attack isn't going to be common, but the fact that it can be done at all highlights some security issues on the platform. When a phone is shut down, one of its final steps before turning off should be to purge left-over data in the RAM. Sometimes, this isn't necessary if encryption is involved, but in this particular case, the actual encryption keys could be accessed as well. That means the attacker could then gain access to the phone as normal once the attack is finished.
Select data found with this attack includes Web browser history, images and e-mails, though it's expected that virtually any bits of data could be found if it happened to have been stored in the RAM.
For forensic experts, this kind of flaw is a great thing, but for consumers, it's hardly ideal, and a stark contrast to other areas where Google tries to keep its users safe.