Research Team Breaks Popular Disk Encryption Technologies

By Matthew Harwood

A team of researchers has discovered security flaws in many popular disk encryption technologies used to secure the data held within a computer, says the Electronic Frontier Foundation (EFF), which participated in the study with Princeton University and other researchers.

Incredibly, the attack is as simple as physically freezing a computer's memory chips with cold air from a can of off-the-shelf spray duster, then extracting encryption key data, researchers found. Inactive, or "sleeping," computers are especially vulnerable.

According to EFF:

The researchers cracked several widely used disk encryption technologies, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt. These "secure" disk encryption systems are supposed to protect sensitive information if a computer is stolen or otherwise accessed. However, in a paper and video published on the Internet today, the researchers show that data is vulnerable because encryption keys and passwords stored in a computer's temporary memory -- or RAM -- do not disappear immediately after losing power .... Laptops are particularly vulnerable to this attack, especially when they are turned on but locked, or in a "sleep" or "hibernation" mode entered when the laptop's cover is shut. Even though the machines require a password to unlock the screen, the encryption keys are already located in the RAM, which provides an opportunity for attackers with malicious intent.

While the EFF didn't explain how the research team stole encrypted data, The New York Times did today.

Using a can of air duster, researchers simply blasted the dynamic random access memory chip, or DRAM, with cold air. DRAM chips temporarily hold data, reports the Times, "including the [encryption] keys to modern data-scrambling algorithms." When users shut down their computer, the data disappears, or at least that's what everyone thought. Instead, the researchers discovered the chip's memory faded gradually over seconds, sometimes minutes, after shutdown. By air-dusting the chips, researchers could freeze the data in place, allowing enough time for them to extract the encryption keys, long strings of ones and zeros, off the DRAM chip, enabling them to read the computer's contents. (Watch a full demonstration and explanation here.)

By doing so, the researchers argue they have undermined the hardware of the Trusted Computing Group, an industry group that develops, defines, and promotes open standards to increase the security of personal computers.

The researchers have submitted their results for publication and the paper is currently under review, says the EFF.



