While properly encrypted hard drives were thought to offer a challenge to even the most talented of hackers, a recent breakthrough has proven that even this extreme security measure possesses major vulnerabilities. On Thursday, a group of Princeton researchers revealed a creative exploit that allows common hard drive encryption software to be easily bypassed in minutes by anyone who has physical access to the computer.
While most new hacks and security vulnerabilities rely on software loopholes, the Princeton researchers instead exploited a property of computer hardware to recover encryption keys. Since most encryption programs require users to enter their passwords only once at boot, they keep an encryption key in RAM to decode the hard drive’s encrypted contents on the fly. Most software companies would not consider this a vulnerability, since the contents of DRAM were assumed to be wiped clean as soon as power is removed, making the key seemingly impossible to steal.
But the Princeton researchers found that DRAM holds its contents for much longer without electricity than most people suspected, and developed a way to extend its life even further by freezing it with the spray from an upside-down can of air duster. When presented with a running but locked computer, researchers were able to preserve the memory with air duster, swap it to a different laptop, pull the encryption keys right out and read the encrypted drives.
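The key-in-RAM property described above can be made concrete with an added example (mine, not the article's or the Princeton team's tools): a scanner that locates AES-128 round-key schedules in a memory image by their internal redundancy, which is how a defender verifies that an encryption driver really scrubbed its key on lock or suspend. It assumes a 176-byte AES-128 schedule and a constructed 4 KB image with the FIPS-197 sample key planted in it.

```python
import random

def _aes_sbox() -> list[int]:
    # AES S-box from GF(2^8) inversion plus the affine map; no crypto library needed.
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF       # q /= 3, so p*q == 1
        if q & 0x80: q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)      # q xor its rotations
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF
        if p == 1: break
    sbox[0] = 0x63
    return sbox

SBOX = _aes_sbox()
SCHEDULE_LEN = 176  # AES-128: 11 round keys of 16 bytes

def expand_key(key: bytes) -> bytes:
    # FIPS-197 key expansion: 16-byte AES-128 key -> 176-byte round-key schedule.
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(sum(w, []))

def find_aes128_schedules(image: bytes) -> list[int]:
    # Offsets where 176 bytes equal the expansion of their first 16: the redundancy
    # that makes a resident key stand out in a RAM capture (needs an undecayed image).
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        if expand_key(image[off:off + 16]) == image[off:off + SCHEDULE_LEN]:
            hits.append(off)
    return hits

def build_image(key: bytes, size: int = 4096, at: int = 1000, seed: int = 7) -> bytes:
    # Constructed stand-in for a memory capture: random filler with one schedule planted.
    buf = bytearray(random.Random(seed).getrandbits(8) for _ in range(size))
    buf[at:at + SCHEDULE_LEN] = expand_key(key)
    return bytes(buf)

def scrub(image: bytes, offsets: list[int]) -> bytes:
    # What a driver should do on lock or suspend: overwrite, not rely on DRAM forgetting.
    buf = bytearray(image)
    for off in offsets:
        buf[off:off + SCHEDULE_LEN] = bytes(SCHEDULE_LEN)
    return bytes(buf)
```

Running `find_aes128_schedules(build_image(key))` reports the planted offset and the 16 bytes there are the key; after `scrub` the same scan returns nothing.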
The team successfully cracked drives encoded by popular schemes including Microsoft Windows Vista’s BitLocker and Mac OS X’s FileVault, along with dm-crypt and TrueCrypt. The only prospect for thwarting the Princeton attack procedure may be an additional encryption secret stored on a USB thumb drive or other removable media, which the user takes along when away from the laptop.