| | 02-18-13, 01:04 PM Thread Author #1
FROST Attack Allows Hackers to Access Android Data after Freezing Your Phone
Researchers have discovered that its possible to retrieve data stuck in an Android phones RAM after it has been frozen. Seems bizarre, but its apparently a very legitimate security problem. The scientists, who studied the technique at Erlangen University, call the process Forensic Recovery of Scrambled Telephones, or FROST for short.
Heres how it works, as described by Forbes: the researchers found that if they cool down a phones RAM long enough, then theres a small window of time, just a few seconds, in which they can connect the phone to a computer and pull out the data that was stored in memory. It doesnt provide everything stored on the phone, but can sometimes reveal the password thats used to unlock a device.
RAM doesnt lose its content immediately, one researcher explained. If its 30 degrees celsisus, its lost in one or two seconds. But if you cool the phone, the contents are lost in five or six seconds. That gives us enough time to reboot the phone and access the memory.
The scientists dont think the issue will work with iOS users, and noted that full access to a phone would require that the bootloader is unlocked. This is most prevalent among users who prefer to install custom ROMs on smartphones. Still, hackers could gain access to Wi-Fi passwords, emails, photos and more. The full research report is expected to be published soon.