Memory trick breaks PC encryption

By Lt-DavidW
in Back Page News

 Share

Recommended Posts

Grand Master

Lt-DavidW

Posted
Posted
Encrypted information held on a laptop is more vulnerable than previously thought, US research has shown.

Scientists have shown that it is possible to recover the key that unscrambles data from a PC's memory.

It was previously thought that data held in so-called "volatile memory" was only retained for a few seconds after the machine was switched off.

But the team found that data including encryption keys could be held and retrieved for up to several minutes.

"It was widely believed that when you cut the power to the computer that the information in the volatile memory would disappear, and what we found was that was not the case," Professor Edward Felten of the University of Princeton told BBC World Service's Digital Planet programme.

Volatile memory is typically used in random access memory (RAM), which is used as temporary storage for programs and data when the computer is switched on.

Deep sleep

Disc encryption is the main method by which companies and governments protect sensitive information.

"The key to making it work is to keep the encryption key secret," explained Professor Felten.

Encryption has recently become a hot topic after a number of laptops containing personal records were lost or stolen.

"What we have found was that the encryption keys needed to access these encrypted files were available in the memory of laptops," he said.

"The information was available for seconds or minutes."

In theory, this is enough time for a hacker or attacker to retrieve the key from the memory chips.

"The real worry is that someone will get hold of your laptop either while it is turned on or while it is in sleeping or hibernation mode," said Professor Felten.

In these modes the laptop is not running, but information is still stored in RAM to allow it to "wake up" quickly.

"The person will get the laptop, cut the power and then re-attach the power, and by doing that will get access to the contents of memory - including the critical encryption keys."

Cool running

Switching the machine off and on and is critical to any attack.

"When it comes out of sleep mode the operating system is there and it is trying to protect this data," explained Professor Felten.

But a full power-down followed by a swift re-start removes this protection.

"By cutting the power and then bringing it back, the adversary can get rid of the operating system and get access directly to the memory."

Professor Felten and his team found that cooling the laptop enhanced the retention of data in memory chips.

"The information stays in the memory for much longer - 10 minutes or more," he said.

For example, where information stays in a computer for around 15 seconds under normal conditions, a laptop cooled to about -50C will keep information in its memory for 10 minutes or more.

Professor Felten said that the best way to protect a computer was to shut it down fully several minutes before going into any situation in which the machine's physical security could be compromised.

"Simply locking your screen or switching to 'suspend' or 'hibernate' mode will not provide adequate protection," he added.

"It does cast some doubt on the value of encryption. I think that over time the encryption products will adapt to this and they will find new ways of protecting information."

Source: BBC News

Link to comment
https://www.neowin.net/forum/topic/623790-memory-trick-breaks-pc-encryption/
Share on other sites
Grand Master

Lt-DavidW

Posted
  • Author
Posted
this has been posted on the neowin main page a week ago

The quoted news article is dated today, however I did scour the Neowin front page and Back Page News for the story.

I haven't been around these parts much lately so I must have missed it.

Grand Master

XerXis

Posted
Posted
I think this was mentioned last month?

Still scary though!

i don't see why it is that scary, you need to steal the laptop within a minute after it's turned off, cool it to -50 C and after that search for an encryption key somewhere in all the other ram garbage, find it within ten minutes and all this while still working at -50 C.

People who can pull that one off surely have better ways to find the encryption key (like torture :p)

Grand Master

Lt-DavidW

Posted
  • Author
Posted
FFS, not even the BBC proof read any more :(

Budget cuts?

BBC News articles have always contained misspellings, grammatical and factual inaccuracies.

I used to keep reporting these mistakes through their website, but stopped doing because corrections were never made.

Grand Master

FloatingFatMan

Posted
Posted

As I said on the front page article; people were doing this sort of thing 20+ years ago to rip music and graphics from games. I used to do it regularly on the Amiga, and it even worked back on the C64's, C16's and Speccy's. There's nothing new with this discovery...

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • U.S. delegation throws away all burner phones and gifts from China before takeoff

      By AsherGZ · Posted

      I named Hitler because he is the de facto anti-semite. But you don't have to hate Jews to be a genocidal maniac. In fact, these days, so called semites are the ones acting in ways that would make Hitler proud.
    • 3DP Chip 26.05

      By Copernic · Posted

      3DP Chip 26.05 by Razvan Serea 3DP Chip is a standalone, no-install portable tool that scans your computer’s hardware and automatically detects the latest drivers available for your specific configuration and external devices. It provides a clear list of drivers that need updates, locates the correct downloads, and helps you upgrade them easily. 3DP Chip will automatically detect and display the information on your CPU, motherboard, video card and sound card installed on your PC. You can also choose to copy these information into your clipboard with one click for later use (such as posting in a forum). Also, if you're upgrading your operating system or just need to reinstall Windows, 3DP Chip can backup all the drivers on your PC or laptop. 3DP Chip backup and reinstall features can save you hours of searching for and installing individual device drivers. 3DP Chip most popular drivers include: audio and sound drivers video drivers printer and scanner drivers digital camera drivers network drivers webcam drivers keyboard and mouse drivers 3DP Chip v26.05 changelog: Driver date/version information has been added or updated AMD motherboard chipset v8.03.25.247 AMD motherboard chipset v8.05.04.516 Newly added product or support has been enhanced AMD Radeon Graphics AMD Radeon 780M Graphics AMD Radeon 840M Graphics AMD Radeon 860M Graphics AMD Radeon 880M Graphics AMD Radeon RX 9070 XT AMD Radeon Pro W7500M NVIDIA GeForce RTX 3050 6GB Laptop GPU NVIDIA GeForce RTX 4050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5050 Laptop GPU NVIDIA GeForce RTX 5060 NVIDIA GeForce RTX 5070 Laptop GPU NVIDIA GeForce RTX 5070 Ti Laptop GPU NVIDIA RTX Pro 500 Blackwell Generation Laptop GPU NVIDIA RTX Pro 1000 Blackwell Generation Laptop GPU NVIDIA RTX Pro 2000 Blackwell Generation Laptop GPU Download: 3DP Chip 26.05 | 7.2 MB (Freeware) Links: 3DP Chip Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The official Funny Pictures thread

      By snowy owl · Posted

    • Apple reluctantly forces strict new age checks on Texas users starting today

      By zikalify · Posted

      Apple reluctantly forces strict new age checks on Texas users starting today by Paul Hill Apple will begin enforcing the Texas Age Assurance Law (SB 2420) following a recent court ruling that lifted an injunction on SB 2420. Starting June 4 (today), Apple will enforce strict age-verification and parental-consent rules for new Apple accounts created in Texas. This move will affect children under 18 who go to download apps or attempt to make in-app purchases. Apple previously expressed privacy concerns related to this law, but compliance is now mandatory for the company, nevertheless. Apple will use several APIs to follow the law. Principally, the Declared Age Range API will fetch the specific user age bracket (Under 13, 13-15, 16-17, or 18+) and a verification method. The Significant Change API (PermissionKit) will trigger a system dialog for parental consent if an app gets a major update or an age-rating shift. There is also a new property type in StoreKit that allows developers to automatically check when their app’s age rating has changed on a user’s device and then use the Significant Change API to request parental consent. Finally, App Store Server Notifications can be configured to tell developers when a parent revokes consent, blocking app launches. To ensure they are ready for these changes, developers must immediately use Apple’s sandbox testing environment to validate these APIs in their apps. For any developers out there finding this to be inconvenient, get used to it. Other regions, such as Utah, Louisiana, and Brazil, are looking at, or have implemented, similar rules.
    • The official Funny Pictures thread

      By +Edouard · Posted

  • Recent Achievements

    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In
    • Week One Done
      jefred earned a badge
      Week One Done
    • Apprentice
      JoeyNeo went up a rank
      Apprentice

  • Popular Contributors

    1. 1
      +primortal
      484
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Skyfrog
      72
    4. 4
      FloatingFatMan
      62
    5. 5
      neufuse
      54
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!