Freezing Android devices could reveal users’ confidential information, including contact lists, browsing histories and photos, according to security researchers at Erlangen’s Friedrich-Alexander University (FAU) in Germany.
The researchers, including Tilo Muller, Michael Spreitzenbarth and Felix Freiling, have trialled the new technique by freezing phones for an hour to get around the encryption system that safeguards the data on a phone.
Google launched the data scrambling system with its Ice Cream Sandwich Android version that would transparently scramble user partitions and protect users’ confidential information against targeted attacks that bypass screen locks.
According to researchers, data fades from memory much more slowly when chips are cold, which then allows hackers to grab the encryption keys and accelerate unscrambling of the contents of the phone.
Tilo Muller said that the attack generally gave them access to data that had been put in memory as users browsed websites, sent messages or shared pictures.
"We thought it would work because smartphones are really small PCs," Muller said. "But we were quite excited that the trick with the freezer worked so well."
The research group is also working on security against the attack that assures encryption keys will never be incorporated in vulnerable memory chips, instead having to be used in the memory directly attached to the processor of the phone.
