Freezing Gives Hackers Temporary Access to DRAM Data
February 22, 2008
An article on MSNBC says that encrypted hard drives may become accessible to hackers with the use of a burst of cold air. The article cites a new Princeton University report. Princeton's research found that freezing a DRAM chip will give a hacker temporary access to computer memory.
Freezing a dynamic random access memory, or DRAM, chip, the most common type of memory chip in personal computers, causes it to retain data for minutes or even hours after the machine loses power, the report found. That data includes the keys to unlock encryption. Without freezing, the chip loses its contents within seconds.
Hackers can steal information stored in memory by rebooting the compromised machine with a simple program designed to copy the memory contents - before the computer has a chance to purge sensitive data, according to the study.
Laptops left in hibernation or sleep mode, or simply not turned off at all, are the most vulnerable to the new type of attack.
"These risks imply that disk encryption on laptops may do less good than widely believed," according to the report, which was published this week by researchers from Princeton, the Electronic Frontier Foundation digital rights group, and Wind River Systems software company. "Ultimately, it might become necessary to treat DRAM as untrusted, and to avoid storing sensitive confidential data there, but this will not be feasible until architectures are changed to give software a safe place to keep its keys."
The researchers were able to freeze the memory chips with by spraying an "upside-down canister of multipurpose duster spray" directly onto them and then using memory-imaging tools to read the data on the chips.
You can read more about the research project here and you can see a YouTube video below.
