Sleeping laptops open to attack

22 Feb 2008

The hard drives of computers, particularly laptops, that use disk encryption to safeguard sensitive information are not as secure as was previously thought and can be easily hacked, say a team of academic and industry researchers.

The team, which included researchers from Princeton University as well as from the Electronic Frontier Foundation, found they were able to crack existing encryption technologies, including Microsoft’s BitLocker, Apple’s FileVault and Linux’s dm-crypt.

Laptops were particularly vulnerable, he said, when left in power-saving or sleep mode. The advice given by the research team is to exercise caution and shut down your laptop completely while travelling.

“We’ve broken disk encryption products in the exact situations where they seem the most important these days: laptops that contain sensitive corporate data or personal information about business customers,” said Alex Halderman, a PhD student in Princeton’s computer science department.

“Unlike many security problems, this isn’t a minor flaw; it is a fundamental limitation in the way these systems were designed.”

Encrypted data can be compromised because attacks exploit the fact that when information is first stored in a computer’s DRAM or temporary working memory, it doesn’t wipe clean instantly when a computer is turned off: it takes anywhere from a few seconds to a minute to disappear depending on how cold the computer chip is.

The researchers found that using commercially available keyboard cleaning products that disperse canned air, they could cool the memory chip down to the point where after power was cut from a laptop a hacker could access 99.9pc of DRAM information for up to ten minutes, before it completely disappeared.

“Disk encryption is often recommended as a magic bullet against the loss of private data on laptops,” Felten said.

“Our results show that disk encryption provides less protection than previously thought. Even encrypted data can be vulnerable if an intruder gets access to the laptop.”

This new research is contained in an academic paper which Princeton University has submitted for publication.

By Marie Boran