Monday, February 25, 2008

Cold-Boot: HDD Encryption Cracking Crash-Course - The safest computer is formatted, smashed with an ax and buried in cement



Hard-disk drive encryption has been widely promoted as the safest way to keep your data away from prying eyes. The advent of Windows Vista and its BitLocker functionality in the Ultimate flavor has made the whole process simple, but Princeton University researchers have proven again that the user is wrong.

The latest reports from the Princeton specialists show that both Windows Vista's BitLocker and the Mac's FileVault encryption systems can be brought to their knees in an instant. All that a hacker needs is physical access to the targeted machine and an air spray to go along with a more sophisticated operating kit.

As long as the computer is powered on, the encryption keys are stored in RAM for easy access. The Princeton researchers started the cracking process from exactly that spot: they took advantage of the fact that data is not immediately erased after the computer is shut down, but is lost piece by piece as the DRAM transistors return to their default state.

"Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn't so," wrote researcher Ed Felten on his blog. On the contrary, the data stored in the DRAM cells can still be fetched a few minutes after the computer has been switched off, and it can be preserved for longer periods by cooling down the DRAM chips. For instance, an air spray would do the trick, cooling the chips as low as -50 degrees Celsius.

Using specially tailored software, the attacker could fetch the password directly from its previous location. "Most disk-encryption systems can be defeated if the computer is stolen or accessed while it is in sleep mode or in a password-protected screen saver," Felten wrote. Vista's BitLocker "is also sometimes vulnerable even when the computer is completely off."

The attack may seem too complicated to succeed, but think of the James Bond movies, where janitorial staff would switch to super-agent mode as soon as the last light in the company has been turned off. "The most effective way for users to protect themselves is to fully shut down their computers several minutes before any situation in which the computers' physical security could be compromised," claimed the researchers.
