Frozen Android Phones Give Up All Your Data Secrets: Freezing an Android phone can help hackers steal your important and confidential information, according to German security researchers at Erlangen’s Friedrich-Alexander University.
In their experiment, the German team froze a Samsung Galaxy Nexus smartphone for an hour to get around the encryption system that protects user data by scrambling it. Data scrambling was introduced by Google with the Ice Cream Sandwich version of Android. After freezing the phone, the researchers cold booted it and recovered photos, contact lists, and browsing history.
The scrambling system Android uses to secure the data inside a user’s smartphone is good for the owner, but it is a nightmare for law enforcement and forensics departments in any criminal case where the phone is evidence.
So how does freezing the phone work?
In their experiment, Michael Spreitzenbarth, Tilo Müller, and Felix Freiling kept the smartphone inside a freezer until it cooled down to -10°C. Then they quickly disconnected and reconnected the battery of the frozen phone, which put it into a vulnerable state.
This loophole enabled the scientists to run the phone with a custom-designed operating system rather than its onboard Android OS. The trio named their custom-designed software FROST (Forensic Recovery of Scrambled Telephones). FROST provided them with an interface through which they copied the phone's data, including photos, the contact list, and browser data, and then analysed it on a computer.
Cold boot techniques had already been tried on PCs and laptops, but nobody had tried them on mobile devices; these researchers were the first. They experimented on the Samsung Galaxy Nexus, which was the first mobile device to use Android encryption technology. According to the researchers, the cold boot technique will work on all other Android devices too. When the phone is chilled, the data in memory fades very slowly, which helped the PhD students capture the encryption keys and unscramble the content on the phone very quickly. They needed to search for the FDE key file on disk and then crack the 4-digit PIN through FROST.
Practical Procedure to Unlock Locked Smartphone
Credit for this procedure goes to: Informatic
1) We have used Samsung Galaxy Nexus device for Cold Boot but if you have access to other Android device our tool will still work.
2) Now make sure the device is scrambled with Android 4.0 operating system.
3) First assure that your phone is charged for one hour at least. Otherwise pack it into a freezer bag.
4) Now put the phone into a freezer and let it cool down below -10°C, because RAM contents fade away more slowly if RAM chips are cold.
5) Leave the phone inside a -15 degree Celsius freezer for about 60 minutes. Btw, we do not provide a guarantee. Damaging the phone is your own risk, but we haven’t experienced any problems yet.
6) After an hour, the phone temperature should be below 10°C. Usually we measure a point of the phone’s motherboard (below the SIM card slot).
7) If the phone is cold enough, quickly check if it is still working by pressing the power button. If so, we are now ready to deploy cold boot attacks against it.
8) Unfortunately, the Galaxy Nexus has no ‘reset-button’ and shutting the device down in software is too slow.
9) So we must reboot the device by replugging its battery quickly. To this end, remove the battery cover.
10) Raise the battery slowly, without disconnecting it from the phone, until it is a bit above the device case.
11) Then push the battery back and forth very quickly, such that it gets disconnected from the phone for less than 500ms.
12) Immediately afterwards (or better already before) hold the power button together with the volume up and volume down buttons.
13) This key combination brings you into ‘fastboot’ mode, rather than booting into Android. In fastboot mode, we can flash our FROST recovery image onto the device.
14) To this end, connect the smartphone to a Linux PC via USB. On the Linux PC, the fastboot utilities must be installed.
15) Flash the frost.img file from our download section to the phone: ‘fastboot flash recovery frost.img’. For this command to work, the bootloader must be unlocked.
16) After the flash operation has finished, you can choose the ‘Recovery Mode’ option from the fastboot menu.
17) Now the phone boots into FROST, without the requirement to reboot it again (which is important in the cold boot scenario).
18) Inside the recovery image, we suggest trying the recovery of FDE keys from RAM via quick search mode. If that fails, you can try full search, or the bruteforce approach. On success you can decrypt the user partition now.
Key recovery from RAM
FROST user interface.
Cracked 4-digit PIN via bruteforce.