Edward W. Felten, director of the Center for Information Technology Policy at Princeton University, and eight colleagues have announced that they have discovered a serious vulnerability in the standard memory chips of computers, which leaves data subject to attack and theft even after systems are powered down.
The risk is particularly high for computers that are turned on but locked, such as laptops that are in a “sleep” or hibernation mode. One effective countermeasure is to turn a computer off entirely, though in some cases even this does not provide protection.
The research team posted its findings last week at www.freedom-to-tinker.com, also providing links to the research paper, an explanatory video, and other materials.
“Today eight colleagues and I are releasing a significant new research result,” Professor Felten said in the statement. “We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods.”
Professor Felten said the vulnerability results from the way memory chips, which store data while a computer is running, remain vulnerable to hackers for several seconds after the system is powered down. This enables an attacker “to read the full contents of memory by cutting power and then rebooting into a malicious operating system.”
Such attacks overcome a broad set of security measures called “disk encryption,” which are meant to secure information stored in a computer’s permanent memory. The researchers cracked several widely used technologies, including Microsoft’s BitLocker, Apple’s FileVault and Linux’s dm-crypt, and described the attacks in a paper and video published on the Web Feb. 21.
The team reports that these attacks are likely to be effective at cracking many other disk encryption systems because these technologies have architectural features in common.
“We’ve broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers,” said team member Alex Halderman, a Ph.D. candidate in Princeton’s computer science department. “Unlike many security problems, this isn’t a minor flaw; it is a fundamental limitation in the way these systems were designed.”
The researchers have contacted several manufacturers to make them aware of the vulnerability: Microsoft, which includes BitLocker in some versions of Windows Vista; Apple, which created FileVault; and the makers of dm-crypt and TrueCrypt, which are open-source products for Windows and Linux platforms.
“There’s not much they can do at this point,” Mr. Halderman said. “In the short term, they can warn their customers about the vulnerability and tell them to shut their computers down completely when traveling.”
In the longer term, Mr. Halderman said, new technologies may need to be designed that do not require the storing of encryption keys in the RAM, given its inherent vulnerability.
The researchers plan to continue investigating this and other defenses against this new security threat.
Professor Felten said the findings demonstrate the risks associated with recent high-profile laptop thefts, including a Veterans Administration computer containing information on 26 million veterans and a University of California-Berkeley laptop that contained information on more than 98,000 graduate students and others.
While it is widely believed that disk encryption would protect sensitive information in instances like these, the new research demonstrates that the information could easily be read even when data is encrypted.
Others on the team included graduate students Nadia Heninger, William Clarkson, Joseph Calandrino and Ariel Feldman; Seth Schoen of the Electronic Frontier Foundation; William Paul of Wind River Systems; and independent computer security researcher Jacob Appelbaum.