With the proliferation of smartphones around the globe, smartphone owners are now holding a lot of sensitive data on their mobile devices. Getting a phone stolen now days brings a new set of problems; not only do you lose your phone, but any sensitive data on your device could potentially be accessed by whomever now possesses the device. Android has added many security features to their OS over time, providing SD encryption and stronger password options. Although these features may be enough for protecting our data against most common thieves, there is a way to get around these security features, and have been demonstrated on a Galaxy Nexus smartphone.
At Erlangen University in Germany, researchers used a Galaxy Nexus device to demonstrate a method called “cold-booting” on certain Android devices to bypass security features. The process, which has been a favorite of computer hackers since it was first demonstrated on PC’s in 2008, uses a freezer to complete its objective. This technique is possible because of the tendency of RAM to keep tiny bits of data for a few seconds after shutdown. By putting the device in a freezer, hackers can get 5 to 6 seconds of data retention, which allows the hackers to get the device into fastboot mode and grab the data using a toolkit called FROST (Forensic Recovery of Scrambled Telephones). After capturing the remnant data, hackers have full access to the device.
For this technique to work, the target device needs to have a removable battery, and has to have an unlocked bootloader. Luckily, the vast majority of Android devices have their bootloaders locked, so this shouldn’t be something to worry about too much. That said, the ability to steal data from you smartphone via throwing it in a freezer is real, unlike microwaving your smartphone to charge it up.