Report: Disk encryption security defeatable through DRAM vulnerability

Ed Felten writes on Freedom-to-Tinker:

Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux.

The root of the problem lies in an unexpected property of today's DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn't so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.

Link to paper site, Link to PDF, and a video is below. (thanks, Jake Appelbaum)

UPDATE, 9:44am PT: Declan McCullagh at has an analysis piece here.



  1. pray tell me what constitutes a “malicious” operating system??? the linked article doesn’t mention them, but merely mentions that an image can be obtained for malicious (or forensic) purposes…

  2. This is great news, but not for the reason you think. As a techie I’m one of those people who, after turning off a computer, let it sit for a minute or two. There is another group that immediately turn it back on, since “it’s not like the RAM holds anything after it’s off”. So, my superstition turns out to be practical. Awesome.

  3. so, why not add a piece of software to the encryption programs that zeroes out the ram before sleep or off states, and then asks for the password on re-wake/restart?

  4. “so, why not add a piece of software to the encryption programs that zeroes out the ram before sleep or off states, and then asks for the password on re-wake/restart?”
    YA, RIGHT!?
    Call 1800-microsoft and see how far you get!
    They never listen. It would have to be written by a third party..

  5. So the situation where this would be a problem is where RIAA agents kick down the door and jump through the windows simultaneously, quickly jamming a bootable disk into your computer before the DRAM’s contents are gone.

  6. Dwild1, it happens now with flash washing. I also suggest keeping your machine and monitor in a faraday cage. Just in case you’re really concerned about security.

  7. @manicbassman “pray tell me what constitutes a “malicious” operating system??? ”

    In this case it is the operating system run by the attacker for the purpose of copying an image of RAM.

  8. I went a little nuts trying to figure out the Mona Lisa picture — I thought it had hidden words or images. Even crossed my eyes for the old “magic picture” effect. Then I realized it must be a frame from the video, which I watched. D’oh.

    Anyway… this scheme requires the attacker to get hands on the actual computer. We’re talking about robberies, break-ins, spies, moles, attack ferrets… scenes from crummy action movies.

    If you can keep people away from your computer, then you don’t have a problem. Just keep your belongings within your sight at all times, and do not accept packages from someone you do not know. And remember that the white zone is for loading and unloading only.

    What I learned: Don’t freeze my Macbook.

  9. I used to perform a similar trick back in the 90’s when I performed Macintosh technical support at a university. The Macs of that era ran System 7 which was notorious for crashing inexplicably with the little bomb icon and a ‘Sorry a system error occurred’.

    Inevitably students would have slaved away on a term paper for 6 hours at a workstation when the box would appear. “When was the last time you saved your work?”. “Umm, I was going to save it when I was finished, why?”

    Well for a long time this meant lots of tears and hair pulling. Then I discovered it was possible to reboot, install the assembly-level debugger from a floppy, reboot again, drop into the debugger and scan RAM for the student’s name which was usually at the beginning of the paper.

    I could write the next few pages of memory to disk and the paper, sans formatting, would be recovered. People were incredibly grateful.

    Occasionally machines rebooted because of power cables being tripped over or a sub-second power drop to the building. Sometimes the trick would work, sometimes it wouldn’t. It sounds like modern memory is more resilient in this regard.

    IIRC, when power is interrupted, there is enough juice for the processor to push through certain commands, for the hard drive to flush cache to disk, etc. This all happens in milliseconds. It seems as though hardware manufacturers could add a method to quickly write a number of random values to a key portion of memory and thus overwrite the key. You’d need new hardware, but it could be done.

  10. i work with computer hardware a lot and it is a constant phenomena when i hard-power-down a motherboard it’s about 8 seconds before the motherboard power indicator dims.

    this exploit is a pretty difficult one to perpetuate but i can see some possible methods, specifically involving hijacking power management software.

    on a somewhat side subject, i wonder why every household doesn’t have a nice gigafarad capacitor on the power line to buffer those sub-minute glitches we get here so much – how much would it cost, and what is there to stop one putting it in anyway? a big fat parallel array of high capacity capacitors and something to absorb the excessive voltage spikes before it. i have a ups on my server but i wish i didn’t need it to stop power glitches shorter than a minute.

Comments are closed.