An Android phone’s passcode or pattern lock screen may be no match for a freezer, according to new research from scientists at Erlangen University in Germany released Thursday. After chilling a Galaxy Nexus in a freezer, the researchers were able to bypass security settings and read from the phone’s memory by using a "cold boot" attack.

Cold boot attacks, first demonstrated on PCs in 2008, rely on data remanence, wherein the RAM inside a computer retains some residual information after the computer is shut down for a short amount of time. If the computer is cold-booted (turned on and off quickly enough such that the shutdown isn’t complete), attackers can reboot with an alternate operating system (via a USB drive, for instance) that instructs the computer to dump the remnants of information still stored in the memory.

As it turns out, phones are vulnerable to the same kind of attack, but they require a different approach. Smartphones also retain information in memory after shutdown, but only for a second or two. It’s also more difficult to shortchange the shutdown process in a phone because it power-cycles too slowly by default for a two-second memory access window to be useful. The researchers in Germany found that if they chilled the phone down to freezing temperatures, information will linger in the memory for five or six seconds—long enough to pull data out with a computer.



All the scientists needed to do was pull and reseat the battery to power the phone down and then fast-boot by holding down the power and volume buttons. The scientists then ran a tool set called FROST (Forensic Recovery of Scrambled Telephones) by connecting the phone via micro-USB to a Linux PC, which allowed them to offload the RAM remnants from the phone.

Three elements are important to the success of the attack: the phone must have a user-accessible battery, its boot loader must be unlocked, and the attacker must have physical access to the phone. The first two are increasingly uncommon traits in Android smartphones, but phones released with them are susceptible.