
mkrishnan

Moderator emeritus
Original poster
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede

A group from Princeton University described this "exploit," although whether it is one is debatable...

Their technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys.

The technique works against most encryption schemes, including the one I use on my iMac and the one on this Eee....

The researchers say their technique works against Apple's FileVault, the BitLocker Drive Encryption feature included in the Enterprise and Ultimate versions of Windows Vista, the open-source product TrueCrypt, and the dm-crypt subsystem built into Linux kernels starting with 2.6. The other researchers include William Clarkson, William Paul, and Ariel J. Feldman.

Microsoft acknowledges it.

Interestingly, the exploit can supposedly even be done by cooling the memory, extracting it from the computer, and reading it elsewhere.

Realistically, it's not much of a vulnerability. But it is interesting, because the tacit assumption is that a locked, encrypted laptop is safe whether or not it's on....
 

GilGrissom

macrumors 65816
Mar 13, 2005
1,042
1
Funny thing is FireWire can do it too with its direct memory access: it can grab active memory while the machine is running without the OS even seeing it. You can configure an iPod (an older one with FireWire, obviously) so you can discreetly plug it into a machine and it will grab the memory, so you can then extract the keys in your own time to get into the laptop. This kind of vulnerability is not new at all, though with the newly discovered properties of RAM the whole encryption problem has resurfaced.

It's hard to defend against these "cold-boot attacks", however, as the key needs to be stored somewhere while it is unlocked; there doesn't appear to be any real way to 'completely' solve this using software.

Also, a lot of Windows-based machines which use this kind of encryption software, which requires you to enter a password to decrypt and log on before Windows loads, can have their passwords extracted from the BIOS keyboard buffer if it's not tidy about it.
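The "scanning for encryption keys" step the article describes, and the key-in-RAM problem GilGrissom raises, can be shown with a scanner over a memory image; this is an added example, not code from the thread or from the Princeton group, and the 4 KiB image it scans is constructed, with the schedule placed at an assumed offset. It shows why a key is easy to locate (an in-use AES-128 key sits in memory as a 176-byte expanded schedule, 160 bytes of which are derived from the first 16) and doubles as a check for whether a driver really wiped the key on lock or suspend.

```python
import random  # added example, not code from the thread or the Princeton paper

def _make_sbox():
    """AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    exp, log = [0] * 256, [0] * 256
    x = 1
    for i in range(255):  # successive powers of the generator 3
        exp[i], log[x] = x, i
        x ^= (x << 1) ^ (0x11B if x & 0x80 else 0)
    sbox = [0x63]  # 0 has no inverse; S(0) = 0x63 by definition
    for v in range(1, 256):
        inv = s = exp[(255 - log[v]) % 255]
        for _ in range(4):  # s ^= rotl(inv, 1), ..., rotl(inv, 4)
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _make_sbox()

def expand_key(key: bytes) -> bytes:
    """AES-128 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(sum(w, []))

def find_aes128_schedules(image: bytes):
    """(offset, key) for each 176-byte window that is a consistent schedule.
    All 160 derived bytes must match, so random filler never produces a hit
    and a schedule that was zeroed on lock is not reported."""
    return [(off, image[off:off + 16]) for off in range(len(image) - 175)
            if expand_key(image[off:off + 16]) == image[off:off + 176]]

def build_demo_image(key: bytes, at: int = 1000, scrubbed: bool = False) -> bytes:
    """Constructed stand-in for a RAM dump: 4 KiB of pseudo-random filler with
    one expanded schedule at `at` (assumed offset), the way a live cipher
    context sits in memory. scrubbed=True zeroes it, modelling a driver that
    wipes key material on lock or suspend."""
    img = bytearray(random.Random(1).getrandbits(8) for _ in range(4096))
    img[at:at + 176] = bytes(176) if scrubbed else expand_key(key)
    return bytes(img)
```

On a real dump, check the first derived word at each offset before doing the full expansion; note that this exact-match check does not tolerate bits that have already decayed, which the Princeton work handles with error correction.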
 