Report: Disk encryption security defeatable through DRAM vulnerability


13 Responses to “Report: Disk encryption security defeatable through DRAM vulnerability”

  1. manicbassman says:

    pray tell me what constitutes a “malicious” operating system??? the linked article doesn’t mention them, but merely mentions that an image can be obtained for malicious (or forensic) purposes…

  2. mbourgon says:

    This is great news, but not for the reason you think. As a techie I’m one of those people who, after turning off a computer, let it sit for a minute or two. There is another group that immediately turn it back on, since “it’s not like the RAM holds anything after it’s off”. So, my superstition turns out to be practical. Awesome.

  3. Takuan says:

    had the habit from capacitor-think. Good to see the old traditions upheld.

  4. deejayqueue says:

    so, why not add a piece of software to the encryption programs that zeroes out the ram before sleep or off states, and then asks for the password on re-wake/restart?

  5. nezzyidy says:

    I LOVE how the encrypted data in the video is named “Kennedy Assassination”.

  6. l0k1 says:

    i work with computer hardware a lot and it is a constant phenomenon when i hard-power-down a motherboard it’s about 8 seconds before the motherboard power indicator dims.

    this exploit is a pretty difficult one to perpetuate but i can see some possible methods, specifically involving hijacking power management software.

    on a somewhat side subject, i wonder why every household doesn’t have a nice gigafarad capacitor on the power line to buffer those sub-minute glitches we get here so much – how much would it cost, and what is there to stop one putting it in anyway? a big fat parallel array of high capacity capacitors and something to absorb the excessive voltage spikes before it. i have a ups on my server but i wish i didn’t need it to stop power glitches shorter than a minute.

  7. woid says:

    I went a little nuts trying to figure out the Mona Lisa picture — I thought it had hidden words or images. Even crossed my eyes for the old “magic picture” effect. Then I realized it must be a frame from the video, which I watched. D’oh.

    Anyway… this scheme requires the attacker to get hands on the actual computer. We’re talking about robberies, break-ins, spies, moles, attack ferrets… scenes from crummy action movies.

    If you can keep people away from your computer, then you don’t have a problem. Just keep your belongings within your sight at all times, and do not accept packages from someone you do not know. And remember that the white zone is for loading and unloading only.

    What I learned: Don’t freeze my Macbook.

  8. amuderick says:

    I used to perform a similar trick back in the 90’s when I performed Macintosh technical support at a university. The Macs of that era ran System 7 which was notorious for crashing inexplicably with the little bomb icon and a ‘Sorry a system error occurred’.

    Inevitably students would have slaved away on a term paper for 6 hours at a workstation when the box would appear. “When was the last time you saved your work?”. “Umm, I was going to save it when I was finished, why?”

    Well for a long time this meant lots of tears and hair pulling. Then I discovered it was possible to reboot, install the assembly-level debugger from a floppy, reboot again, drop into the debugger and scan RAM for the student’s name which was usually at the beginning of the paper.

    I could write the next few pages of memory to disk and the paper, sans formatting, would be recovered. People were incredibly grateful.

    Occasionally machines rebooted because of power cables being tripped over or a sub-second power drop to the building. Sometimes the trick would work, sometimes it wouldn’t. It sounds like modern memory is more resilient in this regard.

    IIRC, when power is interrupted, there is enough juice for the processor to push through certain commands, for the hard drive to flush cache to disk, etc. This all happens in milliseconds. It seems as though hardware manufacturers could add a method to quickly write a number of random values to a key portion of memory and thus overwrite the key. You’d need new hardware, but it could be done.

  9. DeWild1 says:

    “so, why not add a piece of software to the encryption programs that zeroes out the ram before sleep or off states, and then asks for the password on re-wake/restart?”
    YA, RIGHT!?
    Call 1800-microsoft and see how far you get!
    They never listen. It would have to be written by a third party..

  10. toxonix says:

    So the situation where this would be a problem is where RIAA agents kick down the door and jump through the windows simultaneously, quickly jamming a bootable disk into your computer before the DRAM’s contents are gone.

  11. Jeff says:

    DeWild1, it happens now with flash washing. I also suggest keeping your machine and monitor in a Faraday cage. Just in case you’re really concerned about security.

  12. Rich Gibson says:

    @manicbassman “pray tell me what constitutes a ‘malicious’ operating system???”

    In this case it is the operating system run by the attacker for the purpose of copying an image of RAM.
