Pages

February 22, 2008

Freon defeats computer encryption

No fancy techniques, just a blast of Freon like that contained in blow-out cleaning cans so often used on computers, can allow information to be stolen off encrypted hard drives. Here’s how it works:
The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer’s electrical power is shut off, the data, including the keys, is supposed to disappear.

In a technical paper that was published Thursday on the Web site of Princeton’s Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.

When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys — long strings of ones and zeros — out of the chip’s memory.

After that, put the chips back in a computer, and, voila, instant data. The easy trick works on PCs, Macs and Linuxes alike, including those with manufacturer encryption software built in.

The personal computer will likely never be “safe.”

No comments:

Post a Comment

Your comments are appreciated, as is at least a modicum of politeness.
Comments are moderated, so yours may not appear immediately.
Due to various forms of spamming, comments with professional websites, not your personal website or blog, may be rejected.