"SAN FRANCISCO — A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.As I tell people I work with, there is NO expectation of privacy in your email, online activities, and apparently now on your encrypted hard drive in your laptop.
The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft."
A few things to note:
- Physical access to a running or recently shut down computer is required. The passphrases that encrypt and decrypt your data are maintained in unencrypted form in your computer's RAM. While this information is supposed to go away when the power is shut off, the contents of RAM may persist for a few seconds up to a few minutes. Chilling the RAM modules may extend this period to several hours.
- Only a cold shutdown will cause the RAM to clear after a few minutes. Putting the computer into sleep mode keeps the contents of RAM intact. This is by design to permit the laptop to start up in seconds when the user wishes to resume work. How many people use sleep mode routinely? Personally, I don't, especially when traveling. And I require a password to resume work after sleep mode is exited.
- If security tokens are kept on a USB drive or smartcard, and these are part of the security mechanism, then the techniques worked out by the Princeton computer scientists are not effective.