According to researchers at Germany's Erlangen University, it's possible to bypass the lockscreen of a Galaxy Nexus smartphone by putting it in a freezer.
"By cooling the device to below 10 degrees, the volatile memory can be made to retain data for a short period of time without power," The H Security reports. "Tilo Muller and Michael Spreitzenbarth exploit this to disconnect the battery for a moment, resulting in a reboot. They then use a key combination to invoke the bootloader, allowing them to flash and run their own recovery image, dubbed 'Frost.'"
"In practice, Muller's team was able to successfully extract a variety of data from encrypted smartphones using these techniques, including photos, recently visited websites, emails and Whatsapp messages, contact lists, calendar entries, and Wi-Fi credentials," writes The Register's Neil McAllister.
"Three elements are important to the success of the attack: the phone must have a user-accessible battery, its boot loader must be unlocked, and the attacker must have physical access to the phone," writes Ars Technica's Casey Johnston. "The first two are increasingly uncommon traits in Android smartphones, but phones released with them are susceptible."
"Going forward the two hope to implement the attack on more Android phones than just the Galaxy Nexus and find a way to glean even more information from the phone’s RAM, including 'GPS coordinates and the list of recent phone calls,'" writes Threatpost's Christopher Brook.
"Even if your phone doesn’t meet all those criteria, this little trick serves as a valuable reminder: don’t rely on the lockscreen for total security," writes Gizmodo's Eric Limer. "There are always ways around it."