Unscrambling an Android Telephone With FROST

Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."

What do you get from sitting on the ice too long?

[DFurno2003]

Polaroids Get it?

Why do freezers always seem to help recover data?

[nefus]

As far back as the late 1980's we used freezer's on hard-drives to recover data. It helped against various over-heating issues so you could recover just a little bit more data each time you used the drive. Every few years you hear about some other method to recover data with a freezer including putting a device in the freezer. Funny how it always works. All hail the freezer!

Re:Amazing!

I guess the point is that this is an unnecessary hole in the security. The boot loader should not load anything without first wiping the RAM. The attack depends on the ability to boot into fastboot mode, which is then used for flashing a new recovery ROM, and that is booted as well without clearing the RAM. There is no normal situation where a booting system should have access to the previous RAM contents, so wiping the RAM first thing in the boot loader is a safe thing to do.

Re:Why do freezers always seem to help recover dat

To expand on why this works.
The RAM in a phone is dynamic RAM.
It does not store data when unpowered, but needs that data to be periodically refreshed many times a second.
It turns out, that especially when cooled, the RAM may in fact retain information for some period short enough to allow the device to be unpowered and repowered, and essentially retain all its data. (there may be a few errors).

This, combined with booting into a new OS which then allows you to dump or do other things to the RAM enables the attack.