Freezing memory reveals passwords

Published on Tuesday 4th March, 2008 (AEST)

Researchers at Princeton University recently published research (complete with YouTube video) into a little-known fact of RAM: data in memory is not immediately lost when a computer is turned off. Rather, the contents of memory are lost over a period of a few seconds, or even several minutes if the memory is frozen. The researchers demonstrate this by spraying memory chips with canned air, dropping the temperature to well below zero and preserving the memory contents with minimal loss for over five minutes.

By preserving the contents of memory in this way, drive encryption software such as BitLocker, TrueCrypt and FileVault can be cracked by retrieving the password from memory. On some systems, all that is required is to cut power to the system, quickly attach a bootable USB drive, then power the system back up again. Software on the bootable USB drive can then scan the computer's memory for the encryption keys (see the PDF file on the Princeton site for specific details).

This means that if baddies get access to your computer while it is turned on, they could potentially gain access to your encrypted files within minutes, regardless of whether your computer is locked or hibernated.

It really comes back to the old maxim that if a hacker has physical access to your computer, then it's not your computer anymore.


© 2008 Andy Dowling.