The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer’s electrical power is shut off, the data, including the keys, is supposed to disappear.
In a technical paper that was published Thursday on the Web site of Princeton’s Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.
When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys — long strings of ones and zeros — out of the chip’s memory.
After that, put the chips back in a computer, and, voila, instant data. The easy trick works on PCs, Macs and Linuxes alike, including those with manufacturer encryption software built in.
The personal computer will likely never be “safe.”
No comments:
Post a Comment