We use cookies on our websites. Information about cookies and how you can object to the use of cookies at any time or end their use can be found in our privacy policy.

Researchers Extract Sensitive Data from Galaxy Nexus with 'Cold Boot'

Researchers Extract Sensitive Data from Galaxy Nexus with 'Cold Boot'

No one likes to hear that their device is not secure. Unfortunately, as is the case with most technology, the old saying holds true, “where there’s a will there’s a way.” Resourceful hackers will never fail to find useful vulnerabilities and exploits that allow them to obtain sensitive information.

As it turns out, there is a ubiquitous tool which will allow hackers to gain access to any smartphone, tablet or computer. You’ll never guess what the tool is.

FROST- Galaxy Nexus in freezer

It’s a freezer.

Do I have your undivided attention yet?

A dubious pair of researchers, at Erlangen University in Germany, have discovered a process that can be used to access information and data stored in a smartphone’s RAM (Random Access Memory). Even if, the phone is protected by a password or data encryption, it is not immune to the hack. They use what is called a “cold boot attack,” which involves simply freezing the device to gain access to sensitive material. The same process has been used, in the past, to gain access to data stored within a PCs RAM, yet this is the first time it’s been used with a smartphone.

FROST- Galaxy Nexus just out of the freezer

The pair, Tilo Mueller and Michael Spreitzenbarth use a technique which they’ve dubbed as FROST, or Forensic Recovery of Scrambled Telephones. They simply cooled the test device to a temperature of -15 degrees Celsius, which is just 5 degrees Fahrenheit. This allows them to make use of a physical storage phenomenon called “remanence.”

To explain that term in more detail; if the device loses power, or voltage is no longer supplied, then the RAM is cleared, and all data is lost. However, if the device is cooled significantly, the RAM chips will retain the stored data for a while longer.

Galaxy Nexus in recovery using fastboot

After cooling down a Samsung Galaxy Nexus, the researchers rebooted the device (while it was still cool) and performed a RAM dump, using fastboot mode. This allowed them to investigate the dumped information, thus revealing some pretty sensitive material. Mueller and Spreitzenbarth were apparently able to view images, stored emails, contact lists, Wi-Fi passwords, text and MMS messages, and web browsing history. Even more alarming, is the fact that they were able to obtain stored encryption keys, which could then be used, to decrypt secured content located in the phone’s storage (all you actually need to access encrypted content, is the decryption key).

FROST running on Galaxy Nexus

The researchers hope that all of this information will be used for Forensic Recovery, by IT forensics in law enforcement to obtain information from seized devices. They also hope it will ensure that users are aware of the potential security issues with their devices.

In an age, where pretty much everything can be done via a smartphone or tablet on the go, it’s tough to keep sensitive material from being stored on our mobile devices. When armed with the proper knowledge, however, we can better prepare for any type of digital attack, even one that involves a “cold boot”.

While this news and the associated ‘hack’ are quite disturbing, it’s worth noting that there are ways to prevent such access. In this case, the prevention happens to involve making sure the device is off for longer periods. The researchers say that rebooting a device regularly, and keeping the device off for longer periods of time may result in less sensitive material being stored in RAM during a “cold boot”.

If anything, this hack is further proof that you should probably stop leaving your mobile device unattended.

Source: FROST

Recommended articles


Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • I think the advice is in the article, switch off your phone as often as possible to totally clear the RAM. Perhaps overnight and use an alarm clock like we used to do.

  • This is really frightening. What I is the way forward now? Please advice.