Researchers bypass Android encryption by exposing phones to freezing temperatures

By Katie Marsal

Security researchers in Germany have discovered that physically freezing an Android smartphone can grant access to encrypted data.


Researchers freezing a Galaxy Nexus, via Friedrich-Alexander University.

Google's encryption method, which has been a part of Android since the "Ice Cream Sandwich" release, was bypassed by exposing a smartphone to freezing temperatures for an hour, according to the BBC. After that time period, researchers were able to access previously encrypted contacts, browsing histories, and photos.

The test was conducted by researchers from Friedrich-Alexander University in Germany with Samsung Galaxy Nexus handsets, and the phones were cooled to 10 degrees below zero Celsius. Then the battery was quickly disconnected and reconnected, placing the handset into a vulnerable mode.

"This loophole let them start it up with some custom-built software rather than its onboard Android operating system," the report said. "The researchers dubbed their custom code Frost — Forensic Recovery of Scrambled Telephones."


The "FROST" hack in action, via Friedrich-Alexander University.

The strange and involved process of bypassing Android encryption is not likely a concern to end users of Android devices, but could be an issue for corporations and governments that carry highly sensitive information on mobile devices. The researchers said that while they tested their methods with the Galaxy Nexus, other Android phones are also likely to be vulnerable.

Freezing the phone reportedly aids in the hacking of Android because the low temperatures cause data to fade from internal chips more slowly. Researchers used this phenomenon to obtain encryption keys and unscramble the phone's encrypted data.