Android Ice Cream Sandwich encryption broken with the aid of a freezer
When Google released Android 4.0 (Ice Cream Sandwich) back in 2011, it introduced a new data scrambling system designed to protect sensitive user information from snoopers who successfully managed to bypass the lock screen.
It’s strong security, but a team of German researchers have managed to crack the encryption by freezing a Galaxy Nexus and using a toolset called FROST (Forensic Recovery Of Scrambled Telephones) to retrieve contact lists, browser histories, and photos (basically everything you’d want to keep private).
The process, detailed here, involved first unlocking the bootloader, then packing the Galaxy Nexus into a freezer bag and putting the device inside a 15 degree Celsius freezer for an hour until the phone temperature was below 10 degrees. Once cold, they turned the phone on to check it was working, dismantled it, reassembled it, and put it into fastboot mode.
From there (still acting quickly) they connected it to a Linux PC via USB, flashed the pre-compiled frost.img recovery image file, and were able to use the software to decrypt the user partition.
There’s something amusing about breaking Ice Cream Sandwich encryption using a freezer (perhaps they tried Gingerbread with a cup of tea initially), but the method works because cooling the RAM chips slows the rate at which data fades from them, giving the crackers more time to access the phone’s contents.
Having cracked the Galaxy Nexus, the researchers say they plan to try out their system on other Android devices.
If you have a Galaxy Nexus and fancy trying it for yourself -- and are prepared to accept the risks involved with sticking your phone in a freezer -- you can download the FROST recovery image and everything else you'll need from the website.