Browse > Home / Blog article: Hard drive encryption not secure

Hard drive encryption not secure

By Dave Nixon

February 22, 2008

Encrypting your laptop’s hard drive does not maintain safe data, according to researchers at Princeton University.

They’ve revealed a method to appropriate the hard drive encryption key used by products such as Windows Vista’s BitLocker or Apple’s FileVault. With that key, hackers could get admittance to all of the data stored on an encrypted hard drive.

That’s due to a physical property of the computer’s memory chips. Data in these DRAM processors vanishes when the computer is turned off, but it appears that this doesn’t occur immediately, according to Alex Halderman, a Princeton graduate student who worked on the paper.

Indeed, it can take minutes before that data disappears, giving hackers a way to discover encryption keys.

For success, the computer must be initially running or in standby mode. It would fail against a computer that had been shut off for a few minutes because the data in DRAM would have disappeared by then.

The attacker merely turns the computer off for a second or two and then reboots the system from a portable hard disk, which contains software that can scrutinize the contents of the memory chips. This provides an attacker with operating system protection circumvention that keeps the encryption keys concealed in memory.

Halderman said “This enables a whole new class of attacks against security products like disk encryption systems that have depended on the operating system to protect their private keys. An attacker could steal someone’s laptop where they were using disk encryption and reboot the machine … and then capture what was in memory before the power was cut.”

Some computers clean the memory when they boot up, but even these systems can be susceptible, Halderman said. Researchers established that if they cooled down the memory chips by spraying canned air on them, they could decelerate the rate at which memory disappeared. Cooling chips down to about -50 degrees Celsius provided researchers with time to power down the computer and then install the memory in another PC that would boot without wiping out the data. “By cooling the chips we were able to recover data perfectly after 10 minutes or more,” Halderman said.

Click here to discuss this: Security Forums

Filed Under Computer Security, Hardware Security, IT Security 
Tagged:



Add to Bookmarks:

ADD TO DEL.ICIO.US     ADD TO DIGG     ADD TO FURL

ADD TO STUMBLEUPON     ADD TO YAHOO MYWEB     ADD TO GOOGLE     ADD TO SPURL


Related posts to "Hard drive encryption not secure":



Comments

Got something to say?





Visited 346 times, 2 so far today