Previous |
Next Blackboard Wins Patent-Infringement Case Against Rival Courseware Provider |
February 22, 2008, 10:58 AM ET
With a Can of Air, Hackers Can Steal Encrypted Data From Laptops
All it takes is a can of air and some know-how to unlock the contents of a laptop computer’s memory, even if the data were sealed with encrypted techniques. That’s the argument made by researchers at Princeton University in a paper released this week on the Web site of the university’s Center for Information Technology Policy.
One of the major findings of the report is that computers’ memory chips do not instantly go blank when the machines are shut down. At normal temperatures, active-memory chips, known as DRAM, hang onto data for 2.5 to as much as 35 seconds without power. That doesn’t sound like much, but that’s where the can of air comes in. The researchers found that spraying a DRAM chip with compressed air, which lowers its temperature, preserved the chip’s memory even longer without power. The technique could give thieves up to 10 minutes to remove the chip from a locked laptop, place it in another laptop, and make a copy of the contents.
The findings mean that a security measure taken by many colleges may not be enough to prevent thieves from nabbing personal data. Colleges set up encryption software on laptops so that they automatically go into lock mode — requiring a password to get back in — after a few minutes. That way, if an unattended machine is stolen, the data are thought to remain secure (The Chronicle, August 4, 2006.) According to a California law requiring institutions that lose personal data to disclose the loss to the affected parties, notification does not have to be made if a stolen laptop had active encryption software.
It turns out that many encryption programs, scrambling data so that they are accessible only via a password, store the keys to the data locks in the computer’s DRAM. Armed with a can of air, the Princeton team was able to copy the DRAM, locate the keys, and gain access to the laptop even after the computer was in locked mode.
The researchers were able to copy memory chips at varying temperatures and under varyious conditions. They even made a video of the process.
“Faith in the strength of disk encryption may be misplaced,” their report says. “We find that a moderately skilled attacker can circumvent many widely used disk-encryption products if a laptop is stolen while it is powered on.”
The researchers’ advice: Shut down your computer when not in use. That will clear the DRAM. —Jeffrey R. Young
Add Your Comment
Commenting is closed.