Android Security - Placing phones into freezer to decrypt protected data
German researchers have demonstrated a "proof of concept" test where phones placed in a freezer will boot slowly. This may allow possible access to keys which can be used to decrypt protected information stored on the phone.
QUOTE: A team of researchers in Germany has demonstrated a surprising attack on Android phones, where they managed to grab stored cryptographic keys. While we hear about research demonstrations pretty often, this experiment distinguished itself by requiring that the target phone first be chilled in a freezer for an hour. At issue are the encryption tools rolled out for Anroid 4.0, aptly named Ice Cream Sandwich. "For the first time, Android smartphone owners were supplied with a disk encryption feature that transparently scrambles user partitions, thus protecting sensitive user information against targeted attacks that bypass screen locks," wrote the team from Erlangen's Friedrich-Alexander University.
First, they placed the target phone in a freezer. Their goal was to keep the phone at around -15C for about an hour. Interestingly, they reported that this appears not to damage the phone. Once it was adequately cold, the team quickly disconnected and reconnected the battery. Because the device they used to demonstrate the attack did not have a reset button, they wrote that the phone should be unpowered for no more than 500ms. Then, they activated the phone's "fastboot mode" by holding the power button and volume button at the same time. In this mode, the team was able to run their software and recover the keys to decrypt the device's user partition.