Lt-DavidW Posted March 5, 2008 Share Posted March 5, 2008 Encrypted information held on a laptop is more vulnerable than previously thought, US research has shown.Scientists have shown that it is possible to recover the key that unscrambles data from a PC's memory. It was previously thought that data held in so-called "volatile memory" was only retained for a few seconds after the machine was switched off. But the team found that data including encryption keys could be held and retrieved for up to several minutes. "It was widely believed that when you cut the power to the computer that the information in the volatile memory would disappear, and what we found was that was not the case," Professor Edward Felten of the University of Princeton told BBC World Service's Digital Planet programme. Volatile memory is typically used in random access memory (RAM), which is used as temporary storage for programs and data when the computer is switched on. Deep sleep Disc encryption is the main method by which companies and governments protect sensitive information. "The key to making it work is to keep the encryption key secret," explained Professor Felten. Encryption has recently become a hot topic after a number of laptops containing personal records were lost or stolen. "What we have found was that the encryption keys needed to access these encrypted files were available in the memory of laptops," he said. "The information was available for seconds or minutes." In theory, this is enough time for a hacker or attacker to retrieve the key from the memory chips. "The real worry is that someone will get hold of your laptop either while it is turned on or while it is in sleeping or hibernation mode," said Professor Felten. In these modes the laptop is not running, but information is still stored in RAM to allow it to "wake up" quickly. "The person will get the laptop, cut the power and then re-attach the power, and by doing that will get access to the contents of memory - including the critical encryption keys." Cool running Switching the machine off and on and is critical to any attack. "When it comes out of sleep mode the operating system is there and it is trying to protect this data," explained Professor Felten. But a full power-down followed by a swift re-start removes this protection. "By cutting the power and then bringing it back, the adversary can get rid of the operating system and get access directly to the memory." Professor Felten and his team found that cooling the laptop enhanced the retention of data in memory chips. "The information stays in the memory for much longer - 10 minutes or more," he said. For example, where information stays in a computer for around 15 seconds under normal conditions, a laptop cooled to about -50C will keep information in its memory for 10 minutes or more. Professor Felten said that the best way to protect a computer was to shut it down fully several minutes before going into any situation in which the machine's physical security could be compromised. "Simply locking your screen or switching to 'suspend' or 'hibernate' mode will not provide adequate protection," he added. "It does cast some doubt on the value of encryption. I think that over time the encryption products will adapt to this and they will find new ways of protecting information." Source: BBC News Link to comment Share on other sites More sharing options...
XerXis Posted March 5, 2008 Share Posted March 5, 2008 this has been posted on the neowin main page a week ago Link to comment Share on other sites More sharing options...
Raa Posted March 5, 2008 Share Posted March 5, 2008 I think this was mentioned last month? Still scary though! Link to comment Share on other sites More sharing options...
Lt-DavidW Posted March 5, 2008 Author Share Posted March 5, 2008 this has been posted on the neowin main page a week ago The quoted news article is dated today, however I did scour the Neowin front page and Back Page News for the story. I haven't been around these parts much lately so I must have missed it. Link to comment Share on other sites More sharing options...
XerXis Posted March 5, 2008 Share Posted March 5, 2008 I think this was mentioned last month?Still scary though! i don't see why it is that scary, you need to steal the laptop within a minute after it's turned off, cool it to -50 C and after that search for an encryption key somewhere in all the other ram garbage, find it within ten minutes and all this while still working at -50 C. People who can pull that one off surely have better ways to find the encryption key (like torture :p) Link to comment Share on other sites More sharing options...
loople Posted March 5, 2008 Share Posted March 5, 2008 Cool running Switching the machine off and on and is critical to any attack. FFS, not even the BBC proof read any more :( Link to comment Share on other sites More sharing options...
Lt-DavidW Posted March 5, 2008 Author Share Posted March 5, 2008 FFS, not even the BBC proof read any more :( Budget cuts? BBC News articles have always contained misspellings, grammatical and factual inaccuracies. I used to keep reporting these mistakes through their website, but stopped doing because corrections were never made. Link to comment Share on other sites More sharing options...
FloatingFatMan Posted March 5, 2008 Share Posted March 5, 2008 As I said on the front page article; people were doing this sort of thing 20+ years ago to rip music and graphics from games. I used to do it regularly on the Amiga, and it even worked back on the C64's, C16's and Speccy's. There's nothing new with this discovery... Link to comment Share on other sites More sharing options...
Recommended Posts