Cool hack, Literally!
Feb. 25th, 2008 05:42 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
kallistiiEncrypted data on hard drives, even encrypted file systems, can be compromised using simple "Air Spray", the stuff you use to clean off lenses and interiors of computers, and a bit of specialized software, described in a paper published last week.
Most people assume, as did I, that as soon as the system is shut off, everything that is in the RAM chips disappears, but this turns out not to be the case. That data may be there for many seconds, even minutes after the power is turned off! And by using a standard can of "Air", you can cool the chips down to -50C, at which point the data stays there for the most part of a suprising number of minutes...placing the memory in liquid nitrogen seems to allow you to keep data integrity for many days!
Now that you have that RAM, you can place it into another computer, and extract from it the unscrambled keys used to unlock the data on the hard drive. All products on the market, MS's Bitlocker, Apple's FileVault, and other flavours of Unix's encrypted file systems are vulnerable.
This just goes to show that if a person can get physical access to your system, they can steal your data!
Here is the link to the paper: http://citp.princeton.edu.nyud.net/pub/coldboot.pdf
Most people assume, as did I, that as soon as the system is shut off, everything that is in the RAM chips disappears, but this turns out not to be the case. That data may be there for many seconds, even minutes after the power is turned off! And by using a standard can of "Air", you can cool the chips down to -50C, at which point the data stays there for the most part of a suprising number of minutes...placing the memory in liquid nitrogen seems to allow you to keep data integrity for many days!
Now that you have that RAM, you can place it into another computer, and extract from it the unscrambled keys used to unlock the data on the hard drive. All products on the market, MS's Bitlocker, Apple's FileVault, and other flavours of Unix's encrypted file systems are vulnerable.
This just goes to show that if a person can get physical access to your system, they can steal your data!
Here is the link to the paper: http://citp.princeton.edu.nyud.net/pub/coldboot.pdf
