| | 02-18-13, 12:04 PM Thread Author #1
FROST Attack Allows Hackers to Access Android Data after Freezing Your Phone
Researchers have discovered that it’s possible to retrieve data stuck in an Android phone’s RAM after it has been frozen. Seems bizarre, but it’s apparently a very legitimate security problem. The scientists, who studied the technique at Erlangen University, call the process Forensic Recovery of Scrambled Telephones, or FROST for short.
Here’s how it works, as described by Forbes: the researchers found that if they cool down a phone’s RAM long enough, then there’s a small window of time, just a few seconds, in which they can connect the phone to a computer and pull out the data that was stored in memory. It doesn’t provide everything stored on the phone, but can sometimes reveal the password that’s used to unlock a device.
“RAM doesn’t lose its content immediately,” one researcher explained. ”If it’s 30 degrees celsisus, it’s lost in one or two seconds. But if you cool the phone, the contents are lost in five or six seconds. That gives us enough time to reboot the phone and access the memory.”
The scientists don’t think the issue will work with iOS users, and noted that full access to a phone would require that the bootloader is unlocked. This is most prevalent among users who prefer to install custom ROMs on smartphones. Still, hackers could gain access to Wi-Fi passwords, emails, photos and more. The full research report is expected to be published soon.