By using a new type of attack, the team, which includes academic, industry and independent researchers, has shown that it can crack wide open popular disk-encryption technologies such as BitLocker, FileVault and dm-crypt.
The bad news is that “unlike many security problems, this isn’t a minor flaw; it is a fundamental limitation in the way these systems were designed,” said one of the researchers, Alex Halderman, a Ph.D. candidate in
Basically, as the researchers explained, the new attack exploits the fact that information stored in RAM does not disappear immediately when a computer is shut off or when the memory chip is removed from the machine, as is commonly thought.
Like other security technologies, disk encryption relies on secret keys, essentially large random numbers, to encode and protect information. Once a user types in a password, the keys are stored in RAM, and until now it was believed that the data disappears as soon as the RAM chips lose power.
In fact, the data remains available for several seconds to a minute, the researchers claimed. Moreover, it stays available for a longer period if the RAM chips are cooled down.
Using specially designed software, the researchers were able to gain access to essential encryption information automatically after cutting power to machines and rebooting them. The method worked both when the attackers had physical access to the computer and when they accessed it remotely over a computer network.
The attack even worked when the encryption key had already started to decay, because the researchers were able to reconstruct it from multiple derivative keys that were also stored in memory. After obtaining the encryption key, they could then easily access all information on the original machine.
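The point that derivative keys also sit in RAM matters for defenders: scrubbing only the master key when a machine locks or suspends leaves the expanded round keys behind. The following is an added example, not code from the researchers or from any of the named products. It models a hypothetical volume-key context with a toy key expansion (a stand-in, not a real cipher schedule) and shows a wipe routine that goes through a volatile function pointer so the compiler cannot drop the "dead" stores; `on_suspend` then verifies that both the key and every derived key were actually zeroed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: hypothetical volume-key context holding the master key and
 * its expanded "derivative" keys, plus a wipe routine the optimizer cannot elide. */

#define KEY_LEN       32
#define SCHEDULE_LEN  240   /* size of an AES-256 round-key schedule, used only as a plausible stand-in */

/* Calling memset through a volatile function pointer stops the compiler from
 * removing a store to a buffer that is never read again. */
static void *(*const volatile wipe_memset)(void *, int, size_t) = memset;

typedef struct {
    uint8_t key[KEY_LEN];
    uint8_t schedule[SCHEDULE_LEN];   /* derived keys, which also live in RAM */
    int loaded;
} volume_ctx;

/* Constructed sample key for the usage example; not a real key. */
const uint8_t sample_key[KEY_LEN] = {
    0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88,
    0x09, 0xcf, 0x4f, 0x3c, 0x76, 0x2e, 0x71, 0x60, 0xf3, 0x8b, 0x4d, 0xa5,
    0x6a, 0x78, 0x4d, 0x90, 0x45, 0x19, 0x0c, 0xfe
};

/* Toy key expansion: NOT a real cipher schedule. It only produces
 * key-dependent bytes so the example has derived material to scrub. */
static void expand_key(const uint8_t *key, uint8_t *schedule) {
    uint8_t prev = 0x5a;
    for (size_t i = 0; i < SCHEDULE_LEN; i++) {
        prev = (uint8_t)((prev << 3) | (prev >> 5)) ^ key[i % KEY_LEN] ^ (uint8_t)i;
        schedule[i] = prev;
    }
}

/* Simulates unlocking a volume: the key and its expansion land in RAM. */
void load_key(volume_ctx *c, const uint8_t *key) {
    memcpy(c->key, key, KEY_LEN);
    expand_key(c->key, c->schedule);
    c->loaded = 1;
}

void secure_wipe(void *buf, size_t len) {
    wipe_memset(buf, 0, len);
}

/* Branch-free check that a buffer is all zero (returns 1 if zeroed). */
int is_zeroed(const uint8_t *buf, size_t len) {
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Hook for lock/suspend: scrub the master key AND every derived key,
 * then report whether the scrub actually took effect. */
int on_suspend(volume_ctx *c) {
    secure_wipe(c->key, KEY_LEN);
    secure_wipe(c->schedule, SCHEDULE_LEN);
    c->loaded = 0;
    return is_zeroed(c->key, KEY_LEN) && is_zeroed(c->schedule, SCHEDULE_LEN);
}

int main(void) {
    volume_ctx ctx;
    load_key(&ctx, sample_key);
    return on_suspend(&ctx) ? 0 : 1;   /* exit 0 when both buffers are zeroed */
}
```

The volatile-pointer trick is a portable stand-in for platform helpers such as `explicit_bzero` or `SecureZeroMemory`; whichever you use, the schedule buffer needs the same treatment as the key itself, and any copies the cipher implementation keeps elsewhere (stack temporaries, registers spilled to memory) remain outside this routine's reach.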
According to their findings, the attack is particularly effective against computers that are turned on but locked, such as laptops in “sleep” or hibernation mode.
The good news is that the success rate of the attack was lower when the computer was turned off entirely.
Also, obtaining the low temperatures required to prolong the “life” of the data stored in RAM is not a serious impediment: the same researchers showed they could cool the RAM chips with readily available “canned air” keyboard-dusting products.
When turned upside down, these canisters spray very cold liquid. By discharging the cold liquid onto a memory chip, the researchers were able to lower the temperature of the memory to -50 degrees Celsius. This slowed the decay rate enough that an attacker who cut power for 10 minutes would still be able to recover 99.9 percent of the information in the RAM correctly.
The researchers posted the paper describing their findings on the website of Princeton’s Center for Information Technology Policy. They have submitted the paper for publication and it is currently undergoing review.
Meanwhile, the researchers have contacted several manufacturers to make them aware of the vulnerability: Microsoft, which includes BitLocker in some versions of Windows Vista; Apple, which created FileVault; and the makers of dm-crypt and TrueCrypt, which are open-source products for the Linux and Windows platforms.