- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
The disk encryption technology used to secure the data in your Windows, Apple and Linux laptops can be easily circumvented, according to new research out of Princeton University.
Get Network World columnist Scott Bradner's take on this research.
The flaw in this approach, the researchers say, is that data previously thought to disappear immediately from dynamic RAM (DRAM) actually takes its time to dissolve, leaving the data on the computer vulnerable to thievery regardless of whether the laptop is on or off. That's because the disk encryption key, unlocked via a password when you log on to your computer, then is held in DRAM. If a thief can get a hold of the key, he can then get into the disk.
"We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux," writes Ed Felten, a Princeton professor, on his blog, Freedom to Tinker.
The researchers, which also included participants from the Electronic Frontier Foundation and Wind River Systems, have created a captivating video demonstrating a process (one using a program dubbed "Bit-unLocker") that can be used to snatch the data. In the video, the narrator explains that it takes seconds for data to fade and that the process can be slowed by cooling the memory chips (they chill the memory chips to around -58 F with a liquid spray and remove them without affecting the contents). The chips can even be switched to a different computer to read them. Liquid nitrogen can be used to cool the chips for hours, the researchers say.
"This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM," Felten writes.
Felten adds that even using Trusted Computing hardware doesn't help.
(A presentation from a pair of security researchers scheduled for Black Hat USA last summer that promised to undermine chip-based desktop and laptop security was suddenly withdrawn without explanation. The briefing promised to show how computer security based on trusted platform module hardware could be circumvented.)
The Princeton findings prompted Steven Sprague, CEO of Wave Systems, which makes management software for hardware security devices, to point out that such attacks on laptops would be preventable via hardware-based encryption offerings.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (6)
Anything easily cracked ifBy tuomoks on February 22, 2008, 2:44 pmOld news but nice that someone (again) raises the question. Now, that's why NIST FIPS requirements on different levels, physical security is as important as logical....
Reply | Read entire comment
Re: SolutionBy uner on February 22, 2008, 1:30 pmUnfortunately that does not solve the core issue that they key is in external RAM as plaintext for relatively long periods of time. Virtualization and sudden power...
Reply | Read entire comment
Encyption LawBy BenjaminWright on February 22, 2008, 1:29 pmThis story is another reason state legislatures are unwise to madate encryption as a data security procedure. http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html
Reply | Read entire comment
SolutionBy jhansonxi on February 22, 2008, 12:46 pmIn Linux the kernel just needs to wipe the memory space prior to halting or suspending. For Windows I predict that Symantec and other data security companies will...
Reply | Read entire comment
Not as trivial as it soundsBy uner on February 22, 2008, 7:39 amAt first look, my reaction was the same as Mark's - that this is both an obvious and impractical weakness. However, consider the technical implication here, that...
Reply | Read entire comment
View all comments