We go to such great lengths to secure our smartphones. We put passwords on our lock screens, encrypt our data, and install anti-theft programs, but it’s never enough—someone, somewhere, will find a way around any protective measure you use, no matter how sophisticated.
Unfortunately, it can be far easier than you’d think. All you need to access data on an Android phone is a freezer.
Tilo Mueller and Michael Spreitzenbarth, two researchers from the Friedrich-Alexander University of Erlangen-Nuremberg, were able to read data including images, email, and browsing history from the memory of a Samsung Galaxy Nexus just by putting it in a freezer for an hour.
They call their method FROST, which stands for forensic recovery of scrambled telephones.
They’re not the first to use this type of recovery, called a cold-boot attack, but they are the first to do it on an Android device. The process is actually quite simple and only takes a few seconds, but does require a Linux PC and quick hands.
FROST essentially involves freezing a device so that the contents take longer to fade when it’s powered down, then rebooting it to offload the RAM. At a normal room temperature, the data fades from the RAM after about one or two seconds, but cold temperatures slow down the process and give you up to five or six seconds to access the memory.
On a phone with a locked bootloader, FROST will give you access to the memory. If the bootloader is unlocked, you will also be able to break disk encryption. Before you get started, you’ll want to download the recovery image from the researchers’ writeup.
Make sure the phone has enough charge to last at least an hour, then wrap it in a plastic freezer bag. Put it in a -15 degree Celsius (5 degrees Fahrenheit) freezer for about an hour. The phone’s temperature should be below 10 degrees Celsius (50 degrees Fahrenheit)
If you want to speed up the process, you can also use a can of compressed air. Just hold the can upside down and spray, but be sure to wear gloves as direct contact with skin can cause frostbite.
Check to make sure the power is still working. If so, reboot the phone by quickly removing and replacing the battery. Raise the battery slightly at one end, but don’t take it out completely. Move it back and forth, then put it back in place quickly so that it is disconnected for less than half a second.
Now, hold the power button and the volume up and down keys to enter “fastboot” mode.
From fastboot mode, you can flash the FROST recovery image onto the phone.
Connect the device to a Linux PC with the downloaded files installed. Flash the frost.img file by entering “fastboot flash recovery frost.img”.
Once it’s finished, choose Recovery Mode from the menu. Now, the device will boot into FROST.
From here, you can also recover the full disk encryption keys if the bootloader is unlocked by using quick search, full search, or brute force, which will allow you to decrypt the device.