Cold boot encryption-bypassing source code published

A team of computer scientists has published source code that can in some circumstances bypass encryption used in Microsoft's BitLocker and Apple's FileVault and be used to view the contents of supposedly secure files.

We reported in February on their research, which describes how the contents of a computer's memory could be dumped to a hard drive and the encryption keys forcibly extracted.

The source code includes tools for imaging the target computer's memory through USB and Netboot, and analyzing the memory image to extract AES and RSA encryption keys, even if they're partially degraded. It was published to coincide with the Last HOPE hacker conference over the weekend in New York, where research team member Jacob Appelbaum gave a presentation.

This collection of utilities will be of special interest to security researchers and computer forensics specialists in law enforcement or working for police. (A Justice Department conference that starts Monday, for instance, includes two panels on computer forensics.) It allows police to seize a computer with an encrypted volume mounted that may be asleep or locked with a screensaver, plug in a UPS, and eventually extract its memory and encryption keys.

If you're worried about this threat or the possibility of nosy border guards rummaging through your files, unmount your encrypted volumes when you're not using them or, better yet, completely power down your computer.

As more people use encryption--FileVault is built into all recent versions of OS X--finding ways to respond to it will become more of a challenge for law enforcement. In December, a federal judge ruled a man charged with transporting illegal images could not be forced to turn over his PGP pass phrase.

[ralfthedog]

Cool! this knowledge has existed for quite some time. People tend to be far to confident in their encryption and other security tools. As these exploits move out of the hands of governments and into the hands of the people, we will learn how better to protect ourselves.

The first step to protecting yourself from a gun is learning what a gun is and what it can do.

[kkohnen]

This is an argument for hardware bulk drive encryption such as Hitachi and Seagate offer. With those, the key doesn't stay in the computer memory - it gets stored in volatile RAM within the hard drive. Once that gets powered down you're pretty much secure.

Some notebooks have shock sensors. I imagine it wouldn't take much programming to make the shock sensor automatically power the computer down if it gets moved.

It's a real cat and mouse game out there!

[exmsft]

There's a free Mac Book Pro application that actually pretends to be a classic "car alarm" and goes off if the system is moved. More of a toy for now - but the potential is there to actually treat that as a real security solution in some manner

[inachu]

Oh I am sure there will be police who play GOOD COP/BAD COP just to find out that the only thing John Doe had on his pc was pictures of his wife and kids.

For this reason alone I will never ever give up my passwords to anyone.

[CmdrRickHunter]

First off, title is wrong. This is a hot-boot exploit. Shutting down your computer (his sugestion for avoiding the problem) is what is called a "cold boot." Second, @kkohnen, while relying on RAM in the harddrive itself is 'better,' there's still the fundamental issue that some part of your computer has the heys, and anyone with physical access and enough skill can get to them. Its as Mitnick once said, "The only computer that is truly safe is one in a guarded concrete bunker, underground, unplugged... and even then I'd check on it every now and then."

[declan00]

If you actually read the paper, you'll see the title is "cold boot" attacks. If the computer is shut down for 30 seconds -- not a "hot boot" -- the keys will likely be able to be recovered. Hence the title of the paper and the article. Shutting it down for a few minutes, on the other hand, will probably cause sufficient memory decay.

You _did_ of course read the paper before saying the title was wrong, right?

[kkohnen]

Well, you have to actually have the key _SOMEWHERE_ in order to use the data. If I understand correctly, however, once you enter the key into the drive, you can't read it out again - the chip that holds and uses the key won't let you.

In addition, the AES key expansion schedule takes a small (e.g. 128 bit key) and expands it to well over 1,000 bits using a public domain algorithm. That puts LOTS of redundancy into the expanded key so that even if lots of the bits get corrupted, it's not hard to get the 128-bit key back. Having ONLY the key in memory makes it much harder to recover it if you do get a corrupted version - you don't have much of an idea how to extract the original key because there's no redundancy.

That said, you're right. Folks who really rely on information not being able to get out put it in guarded concrete bunkers. (Having the computers unplugged does, however, make it harder to get any work done).

[The_Decider]

Phrases to watch out for and will clue you in to the fact that the speaker doesn't know what he/she is talking about:

"The data is safe it is encrypted"

Besides what is mentioned in the article you would be surprised how easy it is to get keys via google.

"My network is secure, it is behind a firewall"

Unrelated to this article but it never ceases to amuse me.

[alegr]

"Besides what is mentioned in the article you would be surprised how easy it is to get keys via google." This is exactly what you said: "Phrases to watch out for and will clue you in to the fact that the speaker doesn't know what he/she is talking about"

[The_Decider]

Do you have a point?

The phrases were surrounded by " " the rest is commentary. Fairly obvious.