Last week, some Princeton researchers demonstrated a technique for recovering cryptographic keys from RAM.
Here’s their YouTube video:
The typical security hype cycle then followed, with articles from SANS (“In Memory of Hard Disk Encryption?”), then the usual computer trade mags, and ultimately an AP story: “Blast of cold air can open computer to hackers.”
That latter article began “Want to break into a computer’s encrypted hard drive? Just blast the machine’s memory chip with a burst of cold air.” Gee, that really sounds about as easy as opening a Kensington lock. I can just imagine the bulletins sent out by corporate security departments all over the country.
“If approached by Jack Frost, do not let him spray your computer with cold air. Flee and notify your IT Security Department as soon as possible.”
The truth is a little less dire. Yes, data remains in RAM a bit longer than you’d expect. Yes, cold air could be used to preserve the data in RAM. However, in practice this means an attacker would have to physically compromise your computer within one or two minutes of turning it off.
Here’s what I think is important:
1. Users should never use standby unless they are aware that their data is at risk. Personally, I advised that before this came out, so this is nothing new.
2. The system is vulnerable when it’s online but screen locked. Again, I don’t think this is new.
3. When you turn your computer off, wait two minutes before you let someone plug in an unknown USB device or spray down the RAM with compressed air. Duh.
Non-technical people read these articles and they think the pain of full disk encryption wasn’t worth it. Anytime a bad guy has physical access to the computer, you’ve got a problem. It seems that this attack works best in the lab and can be defeated with a few steps that you should be following anyway.