Princeton study shows vulnerability to data heists

Until now, encryption was considered a bulletproof method of protecting your data, but a new study out of Princeton indicates that even data encryption is not invulnerable. The whole thing centers on the DRAM chip, which holds the content of your hard drive including encryption keys, has always been thought to lose memory once the computer was powered down.

The Princeton study shows that the memory actually fades over a period of time ranging from several seconds to several minutes. That’s the window of opportunity for attackers.
And it gets worse: that window of opportunity can easily be expanded to several minutes or more. Simply turning a canister of canned air (the stuff typically used to clean computers) completely upside down before spraying lowers the spray temperature to -50°C. At that temperature the DRAM chips hold memory for up to 10 minutes.

And it gets still worse. Liquid nitrogen will take the temperature down to -196°C, giving the attacker several leisurely hours to place the chip in another computer to reveal its contents.

The scientists responsible for this research duplicated their “cold boot” attacks with BitLocker, FileVault and dm-crypt, the most commonly used encryption programs.

If you can’t beat ‘em, slow ‘em down
Other than locking your laptop to your wrist, there’s really nothing you can do to keep your data completely safe. But, there are still a couple things you can do to slow down the attackers.
• Password protecting your screen saver will at least make the thieves work for the data. This method means they’ll have two passwords to dig for. And, because the memory gradually fades, over time more data will be irretrievably lost.
• Never let your computer out of your sight until it’s completely powered down. Don’t just leave it in sleep mode; turn it off 10 minutes before you walk away from it.

For more information about this study, click here.

2 Responses to “Princeton study shows vulnerability to data heists”

  1. Oliver says:

    data encryption…

    You have got to be kidding!…

  2. Mdavies says:

    That’s incredible! I’ve never heard of those techniques but that makes sense. Although, should Princeton really be telling ID thieves how to better steal computers?

Leave a Reply