In this case, almost literally. The Forensic Recovery of Scrambled Telephones (FROST) technique involves getting the phone really, really cold and then quickly cutting its power and dumping the memory’s contents to a drive. It’s an idea that’s been around for a while and is usually called a “cold boot attack.”
Is it realistic for thieves and hackers to use this against your Android? Probably not. Neat science experiment on how random access memory (RAM) works? Absolutely.
The story was released in Forbes and hit the Web to make some rounds. The idea is relatively straight forward and takes advantage of a (sort of) weakness that all types of RAM have: residual, though short-lived memory retention.
Here’s how it works. Normally, if you quickly unplug a device utilizing RAM to store data, the electricity will leave the memory and the data stored will quickly “dissipate” since random access memory requires power to retain data. At room temperature, this erasure takes about two seconds.
But if you take the same RAM (in this case an Android-powered Galaxy Nexus phone) and put it below freezing (5-degrees Centigrade), the memory retention lasts a bit longer; roughly six seconds.
From there it’s just a matter of taking advantage of that extra few seconds of time to grab all of the data you can. For the phone in question, the students used a simple memory dump program attached to a USB device.
So the process is: put the powered-on phone (obviously, otherwise it’s already dumped it’s RAM) into the freezer until it goes FROSTy (ha), connect a USB dump/recovery device, quickly pull the battery from the phone (killing its power) and activate the dump. The residual memory is pulled because the protections on the phone are hard-wired and lose their effect immediately upon power loss. Viola! Info grabbed.
In practical terms, of course, this is highly unlikely to be used as a way to steal data from your smart phone.
