Usually I try not to just reiterate what is written elsewhere anyway. But this thing is so hot and amazing that I just have to provide you with a link: New Research Results: Cold Boot Attacks on Disk Encryption.
In a nutshell: Hard disk encryption master keys are stored in DRAM. However according to the research results of Princeton University, DRAM does not lose its content immediately, but rather only after a couple of seconds or minutes. If cooled (e.g. by spraying cooling spray on it), memory content can be preserved for multiple minutes and restored after booting from a malicious operating system.
I strongly recommend you read it for yourself.
Picture of a Hard Disk by cgommel
Tags: Attacks, Disk Encryption, DRAM, Encryption, Hack, Hacked, Hard Disk, Princeton, Vulnerability
February 22, 2008 at 6:23 pm |
This story is another reason state legislatures are unwise to madate encryption as a data security procedure. http://hack-igations.blogspot.com/2008/02/encryption-legislation-goes-overboard.html
February 22, 2008 at 7:57 pm |
Sorry, but in this case I don’t agree (see comment I left on your blog). The issue I reference is a serious one, but hard disk encryption is still better at protecting your data than anything else we currently have at our disposal.
Also, it’s not like this flaw is so easy to exploit. One needs to steal the system in question almost immediately after the owner powered it down. I think it’s more interesting from an academic point of view than a real threat.
March 5, 2008 at 8:05 pm |
[...] not the only way the issue can be exploited. Especially in connection with the recently published attacks on hard disk encryption this is extremly critical. While those cold boot attacks require to reboot the system, DMA via [...]