Disk Encryption Not So Sure, New Study Finds
By Max Brenn
22:08, February 21st 2008

Even if the hard drive of your laptop is protected by the most advanced security technologies available today, it does not mean that your private files are perfectly safe. At least, this is the conclusion of new research published today by a team of researchers.

By using a new type of attack, the team, which includes academic, industry and independent researchers, has proven that they were able to crack wide open popular security technologies for disk encryption, such as BitLocker, FileVault or dm-crypt.

The bad news is that “unlike many security problems, this isn’t a minor flaw; it is a fundamental limitation in the way these systems were designed,” said one of the researchers, Alex Halderman, a Ph.D. candidate in Princeton’s computer science department.

Basically, as the researchers explained, the new attack exploits the fact that information stored in RAM does not disappear immediately when a computer is shut off or when the memory chip is taken from the machine, as is commonly thought.

Similar to other security technologies, disk encryption is based on the use of secret keys - essentially large random numbers - to encode and protect information. Once a user types in a password, the keys are stored in RAM, and until now it was believed that the data disappeared as soon as the RAM chips lost power.

But in fact, the data are still available for several seconds to a minute, the researchers claimed. Moreover, the data will be available for a longer period of time if the RAM chips are cooled down.

Using specially designed software, the researchers were able to gain access to essential encryption information automatically after cutting power to machines and rebooting them. The method worked when the attackers had physical access to the computer and when they accessed it remotely over a computer network.

The attack even worked when the encryption key had already started to decay, because the researchers were able to reconstruct it from multiple derivative keys that were also stored in memory.
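An added example, not code from the study or from the original article, of why the derived keys matter: a cipher's key schedule is a redundant copy of the key, so a partly decayed copy fails a countable number of schedule relations instead of looking like random data. AES-128 and the decay model (a random fraction of bits clearing to 0) are assumptions made for illustration; the article names neither.

```python
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _build_sbox():
    """Generate the AES S-box: inverse in GF(2^8), then the affine map."""
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                    # q /= 3
            q ^= (q << s) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = 0x63 ^ q
        for n in (1, 2, 3, 4):
            sbox[p] ^= ((q << n) | (q >> (8 - n))) & 0xFF
        if p == 1:
            return sbox

SBOX = _build_sbox()

def _predict(w, i):
    """Word i of an AES-128 schedule as implied by words i-4 and i-1."""
    t = w[i - 1]
    if i % 4 == 0:
        t = bytes(SBOX[b] for b in t[1:] + t[:1])
        t = bytes([t[0] ^ RCON[i // 4 - 1]]) + t[1:]
    return bytes(a ^ b for a, b in zip(w[i - 4], t))

def expand_key(key):
    """AES-128 key schedule: the 16-byte key followed by 40 derived words."""
    w = [key[j:j + 4] for j in range(0, 16, 4)]
    for i in range(4, 44):
        w.append(_predict(w, i))
    return b"".join(w)

def mismatch_bits(region):
    """Bits of a 176-byte region that violate the key-schedule relations."""
    w = [region[j:j + 4] for j in range(0, 176, 4)]
    return sum(bin(a ^ b).count("1") for i in range(4, 44)
               for a, b in zip(w[i], _predict(w, i)))

def decay(data, fraction, seed):
    """Constructed decay model (assumption): clear a random fraction of bits."""
    out, rng = bytearray(data), random.Random(seed)
    for bit in rng.sample(range(len(out) * 8), int(len(out) * 8 * fraction)):
        out[bit // 8] &= ~(1 << (bit % 8)) & 0xFF
    return bytes(out)
```

An intact schedule scores 0, a lightly decayed one scores a few dozen at most, and unrelated data scores around half of its 1,280 checked bits. For a defender, this means the whole expanded schedule has to be erased along with the key when a machine locks or suspends.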

After obtaining the encryption key, they could then easily access all information on the original machine.

According to their findings, the attack is particularly effective against computers that are turned on but are locked, such as laptops that are in a “sleep” or hibernation mode.

The good news is that the success rate of the attack was lower when the computer was turned off entirely.

Also, obtaining the low temperatures required to prolong the “life” of the data stored in RAM is not a serious impediment. The same researchers showed they were able to cool down the RAM chips with readily available “canned air” keyboard dusting products.

When turned upside down, these canisters spray very cold liquid. Discharging the cold liquid onto a memory chip, the researchers were able to lower the temperature of the memory to -50 degrees Celsius. This slowed the decay rates enough that an attacker who cut power for 10 minutes would still be able to recover 99.9 percent of the information in the RAM correctly.

The researchers posted the paper describing their findings on the website of Princeton’s Center for Information Technology Policy. They submitted the paper for publication and it is currently undergoing review.

Meanwhile, the researchers have contacted several manufacturers to make them aware of the vulnerability: Microsoft, which includes BitLocker in some versions of Windows Vista; Apple, which created FileVault; and the makers of dm-crypt and TrueCrypt, which are open-source products for Windows and Linux platforms.



© 2007 - 2008 - eFluxMedia