** Source : Princeton University ( NewJersey , United States )
Cold boot disk encryption attack is shockingly simple and effective
It's an old adage that no security measure is worth anything if an attacker has physical access to the machine, but things like heavy-duty disk encryption are supposed to at least slow things down.
Sadly, that may not actually be the case, as a group of Princeton researchers has just published a paper detailing an exploit that requires little more than a spray duster and a screwdriver. Since the encryption key for systems like BitLocker and FileVault lives in RAM, all an attacker has to do to get it is cool the RAM modules with the air duster held upside down, yank the DIMM, and insert it into another machine, where it can then be read to access the key. Of course, this assumes that you've already typed in your password, but check the video after the break to see how long bits in RAM stay written -- even if you've turned off your computer, there's a chance the key can still be read. Looks like there's an actual benefit to MacBook Air's soldered-in RAM after all, eh?
Watch it Here :)
Abstract :
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images.
This phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We could use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials.
The extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques.
