So, you thought file encryption would keep your documents safe. Well, think again. A group led by a Princeton University computer security researcher has found a simple way to steal encrypted information from computer hard disks. And that could spell real trouble for CIOs.
It's so easy that all you have to ask is, "Why didn't someone think of this before?" All the hack requires is that a thief chill a computer's memory chips with a blast of frigid air from a can of compressed air. The technique, described in a New York Times article, exploits a little-known vulnerability of the random access memory (RAM) chip. RAM is used to temporarily store data and its that data that can be stolen using this technique.
In a technical paper published on the Web site of Princeton's Center for Information Technology Policy, the group demonstrated that contrary to popular belief, standard memory chips actually retain their data for seconds or even minutes after power is cut off. "Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power," Edward W. Felten, a Princeton computer scientist, wrote in a Web posting. "Just put the chips back into a machine and you can read out their contents."
Some computer security experts said the research results were an indication that assertions of robust computer security should be regarded with caution. "This is just another example of how things aren't quite what they seem when people tell you things are secure," said Peter Neumann, a security researcher at SRI International in Menlo Park, Calif. Well, it looks like it's back to the drawing boards for the security experts.
For more on encryption vulnerabilities:
- See this New York Times article [1]
Links:
[1] http://www.nytimes.com/2008/02/22/technology/22chip.html?_r=3&hp&oref=slogin&oref=slogin&oref=slogin