Disk encryption can be beaten Page: 1 Disk encryption can be beaten
Disk encryption could be rubbish at protecting your data on laptops, according to the experts. At the Usenix security conference, a new hack was brought to light which allows an attacker to steal data from a computers RAM modules. The hack works by cutting the power to a machine that is in sleep mode, then whilst restoring the power, boot a malicious operating system from a USB flash memory that can then copy the RAM contents. Princeton University research led by J. Alex Halderman said that the contents of the RAM are not lost from the modules straight away after the power is turned off.
It has been proven that RAM can take some time spanning from seconds to minutes before losing its data. This allows the attacker to take the data from the memory or alternatively take the RAM module.
Also, if the RAM module is kept cool, it will retain its data for a much longer period of time. For example, if you blow canned air onto the module, it will hold memory for a few more minutes; if you keep it in liquid nitrogen then the data could be held for days. This gives the attacker a lot more time.
Below is a video made by the research team explaining how the attack is done, also showing how an encryption key can be taken from your fading data on the RAM.
We also have a picture of what happens to the data on the RAM after the power has been turned off.
As you can see, the data slowly fades away. The right hand side is after a loss power for 5 minutes and the left is after 5 seconds. Learn a new thing every day here at OC3D.