Disk encryption 'no silver bullet'

By Elinor Mills, CNET News.com
Friday, August 01, 2008 10:40 AM

Disk encryption, which people rely on for protecting sensitive data on laptops, can fairly easily be foiled, security researchers said in presenting a paper on a 'cold-boot attack' at the Usenix security conference on Wednesday.

In a new type of attack that requires physical access to a target computer, an attacker can cut power to a machine that is in sleep mode, restore the power, and boot a malicious operating system from a USB drive or an iPod that can copy the RAM contents.

Although one might think the contents of the RAM would be lost when the power is turned off, this is not the case, according to the team of mostly Princeton University researchers led by J Alex Halderman, a doctoral candidate.

The group found that, contrary to common knowledge, RAM data fades gradually over a period spanning from a few seconds to a few minutes after the power is cut. This could give an attacker time to read the RAM data, including encryption keys, after rebooting into a different operating system or removing the memory chips and placing them into a different computer.

An attacker can extend the data-decay period by cooling the chip, while the machine is running, with a spray of 'canned air', commonly used for cleaning dust from keyboards. With liquid nitrogen, an attacker could take days to retrieve the data if needed.

Popular disk-encryption schemes, such as Microsoft's Bitlocker in Vista, do not protect against this type of attack, and in fact make the laptops more susceptible, the researchers said.

"Overall, the significance is that disk encryption is not the silver bullet that we might have thought in its present state," Halderman said in an interview after the presentation. "Individuals and businesses that rely on disk encryption need to pay much closer attention to the physical security of their devices."

In addition to Halderman, the research team included Princeton professor Ed Felten, as well as Nadia Heninger, William Clarkson, Joseph Calandrino, and Ariel Feldman of Princeton; Jacob Appelbaum; Seth Schoen of the Electronic Frontier Foundation; and William Paul of Wind River Systems.

This article was first published as a blog on CNET News.com.


This image shows how data on a RAM chip fades gradually over time. The far left shot shows an image in memory five seconds after the power was cut, followed on the right by 30 seconds, 60 seconds and 5 minutes. (Credit: Center for Information Technology at Princeton University)

