Researchers Crack Encryption with Cold

Utilizing a little known fact about RAM, researchers have devised a way to crack disk encryption.

The attack takes only a few minutes to conduct and uses the disk encryption key that's stored in the computer's RAM.

The attack works because content as well as encryption keys stored in RAM linger in the system, even after the machine is powered off, enabling an attacker to use the key to collect any content still in RAM after reapplying power to the machine.

"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said J. Alex Halderman, one of the researchers, in a press release. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."

Successful attacks were performed against Vista's Bitlocker, Apple's FileVault, TrueCrypt, and Linux's dm-crypt.

Tags:  Encryption, Search, Research, Crack, arc, EA, AC, AR, K
Via:  Wired News
blog comments powered by Disqus