Researchers with Princeton University and the Electronic Frontier Foundation have found a flaw that renders disk encryption systems useless if an intruder has physical access to your computer — say in the case of a stolen laptop or when a computer is left unattended on a desktop in sleep mode or while displaying a password prompt screen. The attack takes only a few minutes to conduct and uses the disk encryption key that’s stored in the computer’s RAM. The attack works because content as well as encryption keys stored in RAM linger in the system, even after the machine is powered off, enabling an attacker to use the key to collect any content still in RAM after reapplying power to the machine.
“We’ve broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers,” said J. Alex Halderman, one of the researchers, in a press release. “Unlike many security problems, this isn’t a minor flaw; it is a fundamental limitation in the way these systems were designed.” The researchers successfully performed the attack on several disk encryption systems — Apple’s FileVault, Microsoft’s BitLocker, as well as TrueCrypt and dm-crypt — but said they have no reason to believe it won’t work on other disk encryption systems as well, since they all share similar architectures. They released a paper about their work as well as a video demonstration (available at YouTube) of the attack.
Source: releaselog
Video:
Center for Information Technology Policy Lest We Remember: Cold Boot Attacks on Encryption Keys
Reply With Quote
Bookmarks