Two researchers, Tilo Müller and Michael Spreitzenbarth, at the University of Erlangen in Germany cooled a Galaxy Nexus phone, running Android 4.0 with encryption enabled, to below 10 degrees by putting it in a freezer. Cooling ensures that the data in volatile memory is retained for a short period of time without any power supply. To keep access to this ‘frozen’ memory content, they disconnected and reconnected the battery in under 500 ms, which forces a reboot.
Rebooting the phone into ‘fastboot’ mode, they flashed the FROST recovery image onto the Galaxy Nexus. After connecting the device to a Linux system that had the FROST utilities pre-installed, the duo used a special tool that performs a cold boot attack to read the contents of the phone’s memory. For this particular hack to work, the phone’s bootloader must be unlocked.
FROST then searches the Nexus’ memory for a cryptographic key that can be used to decrypt user data stored on a memory card or in the phone’s memory. The FROST recovery image can also extract things like photos, Wi-Fi access data, WhatsApp chat history, and the address book.