A stick of RAM, a can of air, and wow

Researcher explains the 'cold boot' hack attack

Ever more computers are carrying ever more confidential data -- trade secrets, personal information of clients and constituents, and national security information. Encrypted hard disks requiring hardware keys or passwords are supposedly the way to keep that information safe.

But in the US, Princeton University computer security researcher Edward Felten released a study recently demonstrating that those keys are only as secure as the RAM that carries them, and that RAM is vulnerable in surprising ways. The upshot? Even turning a computer off may not be enough.

What has your study found?

The implication of the paper has to do specifically with disk encryption. These are systems that try to encrypt the contents of files on hard drives of PCs so that if the computer is lost or stolen, the person who gets the computer won't be able to read all the files.

We found a method that is able to defeat all of the disk encryption systems that we've tried it on, which I think is now up to six systems roughly. And the basic reason is that all of these systems need to keep the secret encryption key somewhere, and the only place they can put it is in the RAM.

What we found, basically, is a way to get access to RAM, even if it's screen-locked.

The way we get access to RAM is by exploiting a pretty surprising property of RAM. RAM is supposed to be volatile -- when you turn off the power, it forgets the information. What we found is that information in RAM sticks around a lot longer. It sort of fades out over much longer than anybody thought.

How much longer?

It actually stays around for seconds, and sometimes even minutes. We tried this on a typical desktop computer that's six or eight years old; we found that even after about 45 seconds, most of the contents of memory are still there. Newer DRAM [chips] held their information for a shorter period -- still plenty long for an attacker, but shorter.

What that means is that an attacker can just cut the power to a computer -- just unplug it, plug it back in and then reboot. After rebooting, the stuff that was in the memory before will still be there, so that the memory contents are still available to the attacker.

We discovered the trick of freezing the memory, which allows the RAM [chips] to retain their data. If we sprayed cooling spray [from an inverted can of common electronics-dusting spray], which gets to about minus 50 degrees Celsius, the retention time for ordinary DRAM would be 10 minutes or more. The cooling spray you can just spray on the chip right there in the computer -- sort of open up the machine so you see the chip, and just spray it on.

If you take the chips out and dunk them into liquid nitrogen, they last a long, long time. We don't even know how long, because we ran out of liquid nitrogen.

Is it possible to put encryption keys in some other memory location using a different technology, or in someplace dedicated to the disk subsystem?

Maybe you could make a specialized chip that behaves differently. Probably what you would need is some kind of circuitry that actively erased information. I would not trust a design that sort of waited for the information to leak out. Given the effectiveness of cooling, it seems to me unlikely -- although I'm not a chip designer -- to make a chip that would have the information naturally decay fast enough while still having the chip [be] reliable enough.
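The last answer argues for erasing key material actively rather than waiting for it to decay. As an added example (not from the interview or the study), here is a software analogue in C: a hypothetical `key_slot` that holds a key in RAM and overwrites it on lock, suspend or shutdown. All names are assumptions, and it assumes the encrypted volume is unmounted at that point, so the key is no longer needed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32  /* constructed for the example: one 256-bit key */

/* Hypothetical holder for a disk-encryption key kept in RAM. */
struct key_slot {
    uint8_t key[KEY_LEN];
    int locked;  /* 1 if mlock() succeeded, keeping the page out of swap */
};

/* Store through a volatile pointer so the compiler cannot discard the
 * writes as dead stores once the buffer is no longer read. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

/* Load a key into the slot; returns 0 on success, -1 on bad arguments.
 * The caller's own copy of the key is the caller's to erase. */
int key_slot_load(struct key_slot *s, const uint8_t *key, size_t len)
{
    if (s == NULL || key == NULL || len != KEY_LEN)
        return -1;
    s->locked = (mlock(s, sizeof *s) == 0);  /* best effort */
    memcpy(s->key, key, KEY_LEN);
    return 0;
}

/* Call on lock, suspend and shutdown: erase now, do not wait for decay. */
void key_slot_erase(struct key_slot *s)
{
    secure_wipe(s->key, KEY_LEN);
    if (s->locked)
        munlock(s, sizeof *s);
    s->locked = 0;
}

/* Count key bytes still non-zero in the slot; 0 after a completed erase. */
size_t key_slot_residue(const struct key_slot *s)
{
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        n += (s->key[i] != 0);
    return n;
}
```

The erase only helps if it runs before power is cut; a key that must stay loaded while the machine is running remains in RAM.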

Dan Rosenbaum

Computerworld