DiskEncryption
Latest
Bootable flash key makes disk encryption attacks super-simple
Ruh roh, Shaggy -- you remember that disk encryption attack that involved cooling off your target's RAM and yanking it to get a bitdump before the contents faded? Well, it looks like things just got a lot simpler for would-be attackers -- check out this USB flash key designed by security researcher Robert Wesley McGrew, which can boot your machine and dump the RAM to itself without altering its contents. That means you no longer need to actually pull the DIMMs or carry around an air duster; all an attacker needs is enough time to reboot your machine and copy the contents of your RAM. Of course, that takes time -- McGrew says things are running quite slowly right now, but he suspects his test machine is dropping down to USB 1.0 speeds. That's still not too reassuring -- looks like we'll be spending even more time with our machines from now on.[Via Hack a Day]
Cold boot disk encryption attack is shockingly effective
It's an old adage that no security measure is worth anything if an attacker has physical access to the machine, but things like heavy-duty disk encryption are supposed to at least slow things down. Sadly, that may not actually be the case, as a group of Princeton researchers has just published a paper detailing an exploit that requires little more than a spray duster and a screwdriver. Since the encryption key for systems like BitLocker and FileVault lives in RAM, all an attacker has to do to get it is cool the RAM modules with the air duster held upside down, yank the DIMM, and insert it into another machine, where it can then be read to access the key. Of course, this assumes that you've already typed in your password, but check the video after the break to see how long bits in RAM stay written -- even if you've turned off your computer, there's a chance the key can still be read. Looks like there's an actual benefit to MacBook Air's soldered-in RAM after all, eh?
