Feb 25, 2008

RAM Dumping to Hack Encrypted Hard Drives

I read a blog post from Wired last Friday about a Princeton University experiment where they were able to hack into encrypted laptops by dumping the encryption key from RAM on the target computer. I was going to write about it today, and input my two cents, but my buddy Karl over at Ask The Admin beat me to it. So as not to do double work, I will re-post what he had to say on it, then proceed with my two cents. Before I do though, I wanted to point out that the Princeton experiment was conducted on machines protected by BitLocker, FileVault, TrueCrypt and dm-crypt. Here is what Karl had to say:

Have you seen this video yet? Even my mom has seen it but how many of you are actually using disk encryption? Really that many??

What kind of illegal or illicit shit are you into?

And you think your data warrants a torrent of hackers going after YOUR lappie?

No we kid, we kid, of course AtA is all about privacy and protecting that (no matter if you are a shady admin or the pot dealer across the way). So we have two tips to lock your laptop down. Harden that bitch so this doesn't happen to you!

  • Disable USB booting from BIOS. So no one can boot to a live OS and harvest your shiznit.
  • Enter a BIOS password for the hard drive and on boot. So no one can get in to change your options or even get a crack at your RAM.

That's it - that simple. Don't say we never done nothing for ya. What do you guys do to lock down your systems from these kinds of attacks? Do you use encryption? [Via Hackaday Via Princeton]


Karl's method of protection is about as good as you can do. However, using the trick mentioned, you can remove the RAM and stick it in another computer, so disabling the USB boot option won't help. Setting the BIOS password is nice too, but anyone performing this hack will also most likely know about the CMOS battery/jumper trick to reset the BIOS back to default.

The big problem I have with this hack though is the lack of time you have to do it. If someone locks their computer and walks away, then you have a lot of time to do it. You can snatch the laptop, take it home and perform the hack (hopefully they have plenty of juice in their battery). If someone powers down their laptop before they walk away, now you have to race the clock. In the video they said that freezing the RAM with the air duster does buy you an additional 10 minutes. Let's double that for the sake of argument. Now you have 20 minutes where the bits in RAM have little degradation, but you still have to snatch the laptop and get to a secluded place to do the hack. How long does it take to get to said secluded place? It just doesn't seem that plausible to me that people will be doing this hack because of the sheer pain in the arse of it.

I think the law of laziness applies here just like anything else. If bad guys really want your shit they will get it. Nothing has changed there. The good news is that 9 times out of 10, if your laptop is harder to hack than the next guy's, they will leave your stuff alone and get the next guy's.

What's your take on the subject? Hit me up in the comments!
