Android Encryption Can Be Bypassed by Putting Your Phone in the Freezer

As frequent readers of the One Click Root blog already know, we recommend encrypting phone data in order to protect it from unauthorized access. Good encryption can’t be unlocked – even by the world’s most powerful computers – which is why it’s a good way of protecting your texts, passwords, pictures, and any other important data you have on your Android. Fortunately, Android has native encryption, which means that Android users don’t have to do anything in order to protect their most sensitive data. But Android encryption isn’t perfect. A team of German researchers recently found that by physically freezing an Android device, its encryption could be bypassed. The report went like this: -German researchers exposed an Android to freezing temperatures for one hour -After one hour had passed, the researchers could bypass Android’s native encryption feature (it’s been a built-in part of Android since Ice Cream Sandwich) by using a special script called FROST -Researchers were able to access encrypted contact information, browsing histories, pictures, and more To make the report even more surprising, the temperatures weren’t even that low. Phones were frozen at a mere ten degrees below 0 Celsius. Then, the battery was disconnected and reconnected, which placed the handset in a vulnerable mode. Researchers used a code as the handset was starting up. This code was called FROST – Forensic Recovery Of Scrambled Telephones – and it gave researchers access to the inner depths of the phone. So if you live in Canada, Russia, or any other country where it routinely gets below -10 degrees, then getting access to a friend’s encrypted phone is as easy as walking around outside for one hour and then running a simple script. Scary!

Why it works

Physically freezing a phone in order to access internal encrypted databases seems like an odd concept, but there’s a good reason why it works. Researchers suspect that the low temperatures cause data to fade from chips more slowly. This allows researchers to obtain encryption keys before the device knew how to protect itself. You can read the full report here