Decrypting your Frozen Mobile Phone

The idea is not new, but the implementation is new, interesting and eye-catching. Tilo Müller and Michael Spreitzenbarth of FAU managed to implement FROST: “Forensic Recovery of Scrambled Telephones”.

The story in brief goes like this: Android phones, from version 4.0 onward, have a built-in option to encrypt all data on the storage device. Obviously, data is decrypted on the fly when needed and held unencrypted in memory (RAM). When it is no longer needed or the phone is turned off, all unencrypted data in RAM is very carefully deleted.

So what you do is remove the battery while the phone is on and then immediately restart the phone, performing a so-called “cold boot”. In principle, removing the power erases all data in RAM, leaving it (encrypted) only on the storage device. But it takes some (short) time for the RAM to forget all data, and this time depends on the kind/material of the RAM chip and its temperature. Müller and Spreitzenbarth discovered that if the temperature of the chip in some Galaxy Nexus devices is below 10 degrees Celsius (please put your phone in the fridge…), then you have just enough time to read the unencrypted data in the RAM after the cold boot, without needing to know the password or PIN.

Enjoy the pictures on their website!