If you think that encrypting your laptop's hard drive will keep your data
safe from prying eyes, you may want to think again, according to researchers at
Princeton University.
They've discovered a way to recover the disk encryption key used by products such as Windows
Vista's BitLocker or Apple's FileVault. With that key, an attacker can read all of the data
stored on an encrypted drive. The attack exploits a physical property of the computer's memory
chips. Data held in DRAM (dynamic RAM) chips is lost when the computer is powered off, but it
turns out that this doesn't happen right away, according to Alex Halderman, a Princeton
graduate student who worked on the paper. In fact, it can take seconds to minutes before the
data disappears, which gives an attacker a window in which to pull encryption keys out of the
chips. The attacker cuts power to the computer for a second or two and then reboots it from a
portable hard disk carrying software that dumps the contents of memory. This sidesteps the
operating system's protection: the OS keeps the encryption key in RAM but out of reach of other
software, and once the OS is gone, nothing guards the key that is still sitting in the chips.
The attack needs physical access to a machine that is running or suspended with the key in
memory; a machine that was powered down long enough for the chips to lose their contents gives
the attacker nothing. The abstract of the Princeton team's paper follows.
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
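Both the reporter's description of the attack (cut power, reboot from another disk, dump RAM) and the abstract's claim of "new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay" come down to one question: how do you pick a 16-byte key out of a large, partly decayed memory image? The Python below is an added example, not code from the paper or from the Princeton team. It plants a partially decayed AES-128 key schedule in a constructed memory image and recovers it using the property such searches exploit: the expanded key schedule is a highly redundant function of the key, so a genuine schedule can be recognised even with many bits wrong, and a decayed key byte can be repaired by trying the repairs decay makes plausible. The decay model (1 to 0 only, at 3%), the thresholds, the image layout and the use of the FIPS-197 sample key are assumptions made for the example.

```python
"""Locate an AES-128 key in a decayed memory image via key-schedule redundancy.
Added example, not code from the Princeton paper: it reimplements the idea the
abstract states (scan for key schedules, tolerate bit decay) in simplified form.
The decay model, image layout and thresholds below are assumptions."""
import random

def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _build_sbox() -> list:
    """AES S-box: multiplicative inverse followed by the FIPS-197 affine map."""
    sbox = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        v = inv
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            v ^= inv
        sbox.append(v ^ 0x63)
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key(key: bytes, rounds: int = 10) -> bytes:
    """FIPS-197 key expansion: key followed by `rounds` round keys (176 bytes for 10)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)

def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

QUICK_MAX = 16   # bad bits tolerated in round key 1 (128 bits) before expanding fully
FULL_MAX = 64    # bad bits tolerated across the whole 176-byte schedule

def find_aes128_keys(image: bytes) -> list:
    """At every offset, treat 16 bytes as a candidate key and test whether the next
    160 bytes are (a decayed copy of) its schedule. Returns (offset, key, bad_bits)."""
    hits = []
    for off in range(len(image) - 176 + 1):
        region = image[off:off + 176]
        cand = region[:16]
        if hamming(expand_key(cand, rounds=1)[16:], region[16:32]) > QUICK_MAX:
            continue                                   # cheap reject for random data
        d = hamming(expand_key(cand), region)
        if d <= FULL_MAX:
            hits.append((off, cand, d))
            continue
        # The key bytes may have decayed as well. Decay is one-directional (1 -> 0
        # in this model), so only 0 -> 1 repairs are plausible: try each single bit.
        for bit in range(128):
            if cand[bit // 8] >> (bit % 8) & 1:
                continue
            fixed = bytearray(cand)
            fixed[bit // 8] |= 1 << (bit % 8)
            d = hamming(expand_key(bytes(fixed)), region)
            if d <= FULL_MAX:
                hits.append((off, bytes(fixed), d))
                break
    return hits

def simulate_decay(data: bytes, rate: float, rng: random.Random) -> bytes:
    """Toy remanence model (an assumption): each 1 bit independently falls to 0 with
    probability `rate`; real chips decay toward a ground state that varies per region."""
    out = bytearray(data)
    for i in range(len(out)):
        for bit in range(8):
            if out[i] >> bit & 1 and rng.random() < rate:
                out[i] &= ~(1 << bit) & 0xFF
    return bytes(out)

def build_image(size: int = 4096, offset: int = 1000) -> tuple:
    """Constructed image: random filler plus one 3%-decayed AES-128 schedule at `offset`,
    with bit 0 of the key's first byte decayed deliberately to exercise the repair path."""
    rng = random.Random(2008)
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 sample key
    sched = expand_key(key)
    planted = bytes([key[0] & 0xFE]) + key[1:] + simulate_decay(sched[16:], 0.03, rng)
    img = bytearray(rng.getrandbits(8) for _ in range(size))
    img[offset:offset + 176] = planted
    return bytes(img), key, offset

if __name__ == "__main__":
    image, key, offset = build_image()
    for off, k, bad in find_aes128_keys(image):
        tag = "  <- planted key recovered" if (off, k) == (offset, key) else ""
        print(f"offset {off:#06x}: key {k.hex()} (schedule differs in {bad} bits){tag}")
```

Run it directly and the planted key is reported at offset 0x03e8 even though its first byte and a few dozen schedule bits have decayed. The two-stage check matters for real images: round key 1 is cheap to compute and rejects essentially all random data, so the full expansion and the 128 single-bit repair attempts only run at offsets that already look like a schedule. A scanner for a multi-gigabyte dump would be written in C, handle the 0-to-1 ground state as well, and repair more than one key bit, but it rests on the same redundancy.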