Frozen Memory Hack

March 5, 2008

A bunch of Princeton researchers figured out that your RAM actually keeps data, once the power’s cut, for a lot longer than commonly thought. They also worked out that if you flip a compressed air can and spray it on the RAM chip, it will retain data for an even longer period of time. They then developed a tool that can boot from a USB device and steal encryption keys (which are stored in RAM) for whole disk encryption tools like TrueCrypt, Windows BitLocker and Mac FileVault.

Should we be concerned? Not really.

For one, a hacker needs physical access to your computer, and, unless you’ve got something super valuable on your computer (that someone else knows about), no one is going to bother going to all the effort. In any case, if your computer was on, surely they’d just access the data on the spot… or steal the whole thing. The other thing is, after about a minute, the data is as good as gone from your RAM, so if anyone’s concerned about it, the problem can be solved by just hanging around for a minute or two after you switch your machine off. Furthermore, this only really affects whole disk or system partition encryption. If you store your really important files in an encrypted volume file (with TrueCrypt), the encryption key will be securely erased when you unmount. Hence, this attack wouldn’t work.
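The erase-on-unmount behaviour described above, sketched in C as an added example (not TrueCrypt's code and not part of the original post). `struct volume`, `volume_mount`, `volume_unmount` and `key_residue` are hypothetical names, and the key bytes are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32

/* Hypothetical volume state: the key is in RAM only while mounted. */
struct volume {
    uint8_t key[KEY_LEN];
    int mounted;
    int locked; /* 1 if mlock() succeeded (key kept out of swap) */
};

/* Volatile stores cannot be dropped as dead writes, unlike a plain memset(). */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

void volume_mount(struct volume *vol, const uint8_t *key)
{
    vol->locked = (mlock(vol, sizeof *vol) == 0); /* best effort */
    memcpy(vol->key, key, KEY_LEN);
    vol->mounted = 1;
}

void volume_unmount(struct volume *vol)
{
    secure_wipe(vol->key, KEY_LEN); /* wipe before releasing the memory */
    vol->mounted = 0;
    if (vol->locked) { munlock(vol, sizeof *vol); vol->locked = 0; }
}

/* 1 if any key byte is still nonzero, i.e. still present in a RAM image. */
int key_residue(const struct volume *vol)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= vol->key[i];
    return acc != 0;
}

int main(void)
{
    struct volume v; uint8_t k[KEY_LEN];
    memset(k, 0xA5, KEY_LEN); /* constructed sample key */
    volume_mount(&v, k);
    volume_unmount(&v);
    return key_residue(&v); /* exit status 0: nothing left to recover */
}
```

A real implementation must also wipe every other copy of the key (the caller's buffer, expanded key schedules), since any surviving copy stays readable from a RAM image.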

The only everyday situation where I could see this being a problem is if you have particularly untrustworthy co-workers. They could perform this hack while you take a toilet break and then, with knowledge of the key, access your computer at a later date. They could also use Winlockpwn to bypass your Windows password.

To sum up, it’s annoying that this is possible, but it won’t really affect most people. Congrats to the Princeton guys though. This is some very clever engineering.