Thursday, July 31, 2008
Disk Encryption: Not as Safe as Once Thought
Disk Encryption is a common technique used by people to protect private data on laptops and computers. Disk Encryption scrambles all data on the hard drive making it unreadable to those who do not have have the correct key or password. Many operating systems, such as Windows Vista, Mac OS 10, and Linux currently employ their own disk encryption software in hopes to provide more secure features for users.
Unfortunately, a new kind of attack that requires physical access to a computer can be used to render these encryption programs entirely useless. This type of attack is referred to as a "cold-boot attack" and takes advantage of computers that are currently powered on or in sleep mode. An uncommon fact that many people are unaware of is that RAM data gradually fades when the power is cut spanning from a few seconds to a few minutes.
This exploit gives the attacker time to read the RAM data, extract encryption, passwords, and any other data that is currently being stored in the ram. The RAM can also be physically removed and placed into a different operating system or laptop to allow a program to decrypt the data. Attackers can also extend the time of data decay by cooling of the memory chips with over the counter products such as canned air commonly used for cleaning keyboards with dust.
This exploit leaves many popular disk encryption methods insecure, and leaving laptops most vulnerable to these types of attacks. Individuals and businesses that commonly use laptops need to pay closer attention to the physical security of their laptops to prevent this type of attack from happening.