Security, Surveillance & Survival

Cold-Boot: HDD Encryption Cracking Crash-Course

The safest computer is formatted, smashed with an ax and buried in cement

By Bogdan Botezatu, Hardware Editor

25th of February 2008, 14:59 GMT

Adjust text size:

The best way to protect data is to refuse physical access to the machine

Hard-disk drive encryption has been widely promoted as the safest way to keep your data away from prying eyes. The advent of Windows Vista and its BitLocker functionality in the Ultimate flavor has made

the whole process simple, but Princeton University researchers have proven again that the user is wrong.

The latest reports from the Princeton specialists show that both Windows Vista's BitLocker, the Mac's FileVault encryption systems can be knelt down in an instant. All that a hacker needs is physical access to the targeted machine and an air spray to go along with a more sophisticated operating kit.

As long as the computer is powered on, the encryption keys are stored in the RAM memory for facile access. The Princeton researchers have started the cracking process from exactly the same spot: they took advantage of the fact that data is not immediately stored after the computer is shut down, but it gets lost piece by piece as the DRAM transistors return to their default state.

"Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn't so," wrote researcher Ed Felten on its blog. On the contrary, the data stored in the DRAM cells can be fetched a few minutes after the computer has been switched off, but the data can be preserved for longer periods by cooling down the DRAM chips. For instance, an air spray would do the trick, cooling the chips as low as -50 degrees Celsius.

Using especially tailored software, the attacker could fetch the password directly from its previous location. "Most disk-encryption systems can be defeated if the computer is stolen or accessed while it is in sleep mode or in a password-protected screen saver," Felten wrote. Vista's BitLocker "is also sometimes vulnerable even when the computer is completely off."

The attack may seem too complicated to succeed, but think of the James Bond movies, where janitorial staff would switch to super-agent mode as soon as the last light in the company has been turned off. "The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers' physical security could be compromised," claimed the researchers.

TAGS:

Cold boot | data encryption | storage | HDD

SEARCH THE NEWS ARCHIVE :

Today's News | Yesterday's News | News Archive

User opinions:

Comment #1 by: Adam on 25 Feb 2008, 16:21 GMT

reply to this comment

Vistas bitlocker should not be criticized over a flaw concerning PHYSICAL security of a system, anyone who is in a position to have their computer easily stolen most likely works for a government or major organization. In which cases they WONT be using bitlocker any ways. I'm pretty damn sure the pentagon isnt running norton, with internet exploder, and no fire walls.

Any random person who keeps confidential material on their computer without encrypting that content ITSELF or shredding the files in a timely manner is an idiot.

Share your opinion:

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| ENTER NEWS SITE \| ENGLISH BOARD \| ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved. Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use \| Update your software \| Archive

NEWS CATEGORIES: