SAN JOSE, Calif.--Disk encryption, which people rely on for protecting sensitive data on laptops, can fairly easily be foiled, security researchers said in presenting a paper on a so-called "cold-boot attack" at the Usenix security conference on Wednesday.
In a new type of attack that requires physical access to a target computer, an attacker can cut power to a machine that is in sleep mode, restore the power, and boot a malicious operating system from a USB drive or an iPod that can copy the RAM contents.
But won't the contents of the RAM be lost when the power is turned off? Actually, no, according to the team of mostly Princeton University researchers led by J. Alex Halderman, a doctoral candidate.
The group found that contrary to common knowledge, RAM data fades gradually over a period spanning from a few seconds to a few minutes after the power is cut. This could give an attacker time to read the RAM data, including encryption keys, after rebooting into a different operating system or removing the memory chips and placing them into a different computer.
This image shows how data on a RAM chip fades gradually over time. The far left shot shows an image in memory five seconds after the power was cut, followed on the right by 30 seconds, 60 seconds and 5 minutes.
(Credit: Center for Information Technology at Princeton University)An attacker can extend the data decay time period by cooling the chip off while the machine is running with a spray of "canned air" commonly used for cleaning keyboards of dust. With liquid nitrogen, an attacker could take days to retrieve the data if needed.
Popular disk encryption schemes like Microsoft's Bitlocker in Vista don't protect against this type of attack, and actually make the laptops more susceptible, the researchers said.
"Overall, the significance is that disk encryption is not the silver bullet that we might have thought in its present state," Halderman, said in an interview after the presentation. "Individuals and businesses that rely on disk encryption need to pay much closer attention to the physical security of their devices."
In addition to Halderman, the research team included Princeton professor Ed Felten, as well as Nadia Heninger, William Clarkson, Joseph Calandrino, and Ariel Feldman of Princeton; Jacob Appelbaum; Seth Schoen of the Electronic Frontier Foundation; and William Paul of Wind River Systems.
This video created by the research team explains how the attack is done:
SAN JOSE, Calif.--A analysis by Google of Web sites that have malware found most of the malicious drive-by activity is due to computers in China, an engineer for the search giant said at the Usenix security conference on Wednesday.
About 67 percent of all the sites that secretly drop malicious software onto visitors' computers are located in China, as are 64 percent of the compromised servers, said senior staff engineer Niels Provos during a presentation here at the event.
"Web based malware is a significant problem and...there is no real good proactive defense against this," Provos said.
Between January and October 2007, Google's malware analysis of 66 million unique URLs found 3.5 million had malware, he said. There was a 90 percent detection rate and the false positive rate was 0.1 percent, according to Provos.
The analysis is part of Google's efforts to steer Web surfers clear of sites with malicious software that can install malware on their computers and turn them into zombies on a botnet, which is a growing problem on the Internet.
The company is using its Web site crawling system that feeds up search results when someone "googles" something to analyze the sites that come up.
Google is creating a list of sites that may be harmful to users and putting a warning next to those sites when they appear in Web search results, Provos said. The company began doing this about two years ago.
Twelve percent of the malware infections were due to ads, based on search traffic, he said.
"We're trying to prevent people from going to places where there is bad content, but at the moment there is nothing I can tell my mother that 'this is what you can do to be safe,'" he said.
SAN JOSE, Calif. -- California voters this year will be using paper ballots that will be optically scanned and manually audited to protect against fraud and problems that have marred elections conducted with electronic voting systems, California Secretary of State Debra Bowen said Wednesday.
Debra Bowen, California's secretary of state, speaks with CNET News after giving a keynote address at the Usenix security conference on the voting plan for the state.
(Credit: CNET News)In a keynote address at the Usenix security conference entitled "Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot," Bowen said optical scanning was a "pretty good, although not perfect alternative" to direct-recording electronic voting.
"I don't think a perfect voting system exists or can be created because for every brilliant idea that we execute perfectly we'll have an equally brilliant person figuring out a way around it," she said.
Optical scanning preserves the original ballot and allows the state to check the accuracy of results "through hand tallies of a meaningful percentage of randomly selected precincts after every election and for every contest," she added. "Hand tallies mean never having to say 'I trust you' to hundreds of thousands of lines of code."
Touchscreen systems don't have an original record or any way to reconstruct the voter's intent, Bowen said. Also, e-voting paper trails often are confusing to voters who are forced to verify their votes on paper that appear in a different format from what they saw on the touchscreen, she said.
Not only have outcomes with electronic voting systems been challenged and questioned in real elections, but numerous studies--including a thorough study Bowen commissioned last year--have shown that the e-voting systems can be tampered with, can have programming mistakes that record the wrong results or display the wrong ballot type, and choices can be altered or interfered with as a result of something as simple as barbeque sauce stuck to the touchscreen, according to Bowen.
The frailty of e-voting systems
Reviews of electronic voting systems have found that they are susceptible to virus attacks that can corrupt data and spread from one machine to every other machine in the jurisdiction, she said. Many electronic systems have been found to have hardcoded passwords or passwords that are easy to guess or the same in every machine, and vendors have systems where a single key opens any voting machine from that company, she said.
Bowen told of the ease with which researchers were able to defeat physical security features on e-voting machine, for instance by unscrewing housings to bypass a security seal and thus leaving no evidence that the box was tampered with.
A new report on the ES&S voting systems from a team at the University of Pennsylvania found numerous exploitable vulnerabilities in the system, including the ability to delete data using handheld devices and a small magnet, she said.
With systems that use paper trails combined with electronic ballots, research has found that it can be difficult to see the results on the paper through a plastic covering that they appear behind, and many voters don't bother to try to verify their results.
A paper ballot is a permanent record that is easy to audit, whereas electronic vote records and audit logs can be altered, she said. And many e-voting systems use Microsoft Access for tallying votes, which opens the system up to fraud, she added. "Votes can readily be moved from one column to another .... without being detectable."
California and West Virginia are the only two states that have a statutory requirement for random manual vote tallies, according to Bowen.
"I added requirements for additional manual tallies of 10 percent of precincts in any contest where the margin of victory is less than one half of one percent," Bowen said. If there is a problem with the scanning software for any reason additional audits can be done, she added.
VIDEO: Bowen tells CNET News what system will be used in the November elections and why she thinks it is better than relying on electronic voting systems that use paper trails.
- prev
- 1
- next
