Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Encrypted PCs Still at Risk

Scientists demonstrate ability to extract encryption keys that linger in PC memory

Mar 06, 2008 | 04:30 AM

By Tim Wilson
DarkReading

Even if your hard drive is encrypted, your PC hard drive could be hackable for several minutes after it's been turned off, scientists say.

Researchers at Princeton University have proven that the data held in so-called "volatile memory" -- previously thought to last only a few seconds -- can actually be captured and retrieved for several minutes after a machine is switched off, according to a report.

The research suggests that a criminal might be able to capture the encryption keys of a stolen PC, especially if it is turned on or in sleep mode when it is stolen. A few minutes is enough time for a hacker or attacker to retrieve the key from the RAM memory chips, researchers say.

"The real worry is that someone will get hold of your laptop either while it is turned on or while it is in sleeping or hibernation mode," said Edward Felten, the professor who headed up the study. "The person will get the laptop, cut the power and then re-attach the power, and by doing that will get access to the contents of memory -- including the critical encryption keys."

The study "does cast some doubt on the value of encryption," Felten says. "I think that over time, the encryption products will adapt to this, and they will find new ways of protecting information."

— Tim Wilson, Site Editor, Dark Reading


Subscribe to RSS










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability:suse linux
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Vulnerability:bind
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Vulnerability:ie
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.


Briefing Centers
POWERFUL INFORMATION
AT YOUR FINGERTIPS
(SPONSORED LINKS)