Huffpost UK Tech uk

'Cold Boot' Hackers Can Steal Mobile Phone Data By Physically Freezing It

Posted: Updated:

Physically freezing a mobile phone makes it easier to hack.

Researchers in Germany showed that placing phones in low temperatures can bypass security settings on Samsung Android devices.

The hack relies on a tool known as 'Frost', which is used to perform 'cold boot attacks', through which encryption keys are retrieved from the device's RAM, or temporary memory.

With this information data including contacts, visited websites, photos and call records can be taken.

Physically chilling the device was key to letting the researchers read the vital security data, they said, because it meant the information 'lingered' in its memory for five to six seconds after turning it off, allowing them to pull the data with a computer.

The paper used a Galaxy Nexus running Android 4.0 as an example.

The technique has been shown before to work on desktop computers, but this is believed to be the first demonstration for mobile devices.

Authors Tilo Mueller and Michael Spreitzenbarth of the Friedrich-Alexander University of Erlangen-Nuremberg said their research demonstrated it was "generally possible for the first time".

"We show that cold boot attacks against Android phones are generally possible for the first time, and we perform our attacks practically against Galaxy Nexus devices from Samsung... we show that cold boot attacks are more generic and allow to retrieve sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked."

Read the full paper here. (H/T to PhysOrg)