Ice Cream Sandwich vulnerable to fridges

German insecurity experts have ways of making your Android phone talk.

Apparently if you torture an android phone by freezing it for an hour you can get around the encryption system that protects the data.

Google, bless its cotton socks, introduced the data scrambling system with the version of Android known ironically as Ice Cream Sandwich.

Security experts at Erlangen’s Friedrich-Alexander University (FAU) wondered what would happen if you stuck an Ice Cream Sandwich in the freezer.

It turned out that it did not like it at all and the process allowed the researchers to get at contact lists, browsing histories and photos.

While this is great for law enforcement and forensics workers it is not so hot for users who depend on their phones to give them a bit of privacy.

According to their blog , researchers Tilo Muller, Michael Spreitzenbarth and Felix Freiling call their technique FROST which is German humour for Forensic Recovery Of Scrambled Telephones.

Apparently all they had to do was chill the phone to -10C and it would spill any secrets that it was asked.

They discovered that quickly connecting and disconnecting the battery of a frozen phone forced the handset into a vulnerable mode.

This loophole let them start it up with some custom-built software rather than its onboard Android operating system.

Frost helped them copy data on a phone that could then be analysed on a separate computer.

If the phone was chilled, data fades from its memory much more slowly which allowed the researchers to grab the encryption keys and speed up unscrambling the contents of a phone.

The attack was on a Samsung Galaxy Nexus handset but any Android phone with the encryption system was vulnerable, the blog said.

Apparently this form of attack has been tried on desktop PCs and laptops before. It was hoped that it would work better on phones because they are smaller and do not require a big fridge.

The German research group is now working on defences against the attack that ensures encryption keys are never put on memory chips which are more vulnerable to cold.