Defeating Disk Encryption

Posted by Martin in Operating Systems, Security  Tags: , ,

25

Feb



I discovered an interesting video at Hack a Day from the University of Princeton demonstrating how to break disk encryption using so called RAM Dumps. This basically takes into account that the encryption key is stored in RAM. While most disk encryption mechanisms are vulnerable while the computer is on or in sleep mode some are even vulnerable when powered off.

What they did was to boot the computer from an USB drive that would load a RAM dumping program. Tests conducted by the University of Princeton showed that it took between seconds and minutes before data that was stored in RAM was completely erased. The RAM also vanished in a predictable manner.

It’s interesting to see that cooling the RAM down to minus 50 degrees prolonged the time the data was readable, it was clearly readable after ten minutes. It’s a very interesting video in my opinion.

If you never thought about using a BIOS password and disabling booting from USB devices and CD / DVD before you should start thinking about it right now. That is if you use disk encryption.


Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

7 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
Jawwad says:

I wonder if they can defeat the TrueCrypt 5.0 encryption using this technique?

Wiegmann says:

“If you never thought about using a BIOS password and disabling booting from USB devices and CD / DVD before you should start thinking about it right now. That is if you use disk encryption.”

<-That doesn’t really help you, if you put the RAM into another computer, like in the video mentionend! The BIOS settings aren’t stored in RAM :-)

Martin says:

Hehe you are right of course, but it’s better than nothing :)

Software to defeat Disk Encryption released says:

[...] taking a snapshot of the system memory and analysing that memory for data and keys. I covered the Defeating Disk Encryption story here at Ghacks in [...]

Vivek says:

wow … that was clever !!! :)

Probably the next step in encryption would be mapping RAM’s capacitors and deliberately storing the key at different locations and different RAM modules (most of us have dual channel RAMs now, isnt it). Is that even possible??

Also, adding redundancy to confuse the hacker should be useful too!!

Rarst says:

So don’t leave notebook turned on and unattended. Actually this was very good idea even before these possible attacks. :)

jj says:

I dont think its possible to do this on Drivecrypt before it loads into operating system anyway.

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.