Hard drive encryption has Achilles heel

University finds new way to steal hard drive encryption key

If you think that encrypting your laptop's hard drive will keep your data safe from prying eyes, you may want to think again, according to researchers at Princeton University.

They've discovered a way to steal the hard drive encryption key used by products such as Windows Vista's BitLocker or Apple's FileVault. With that key, hackers could get access to all of the data stored on an encrypted hard drive.

That's because of a physical property of the computer's memory chips. Data in these DRAM (dynamic RAM) processors disappears when the computer is turned off, but it turns out that this doesn't happen right away, according to Alex Halderman, a Princeton graduate student who worked on the paper.

In fact, it can take minutes before that data disappears, giving hackers a way to sniff out encryption keys.

For the attack to work, the computer would have to first be running or in standby mode. It wouldn't work against a computer that had been shut off for a few minutes because the data in DRAM would have disappeared by then.

The attacker simply turns the computer off for a second or two and then reboots the system from a portable hard disk, which includes software that can examine the contents of the memory chips. This gives an attacker a way around the operating system protection that keeps the encryption keys hidden in memory.

"This enables a whole new class of attacks against security products like disk encryption systems that have depended on the operating system to protect their private keys," Halderman said. "An attacker could steal someone's laptop where they were using disk encryption and reboot the machine ... and then capture what was in memory before the power was cut."

Some computers wipe the memory when they boot up, but even these systems can be vulnerable, Halderman said. Researchers found that if they cooled down the memory chips by spraying canned air on them, they could slow down the rate at which memory disappeared. Cooling chips down to about -58 degrees Fahrenheit (-50 degrees Celsius) gave researchers time to power down the computer and then install the memory in another PC that would boot without wiping out the data. "By cooling the chips we were able to recover data perfectly after 10 minutes or more," Halderman said.

Led by Princeton University, the team included researchers from the Electronic Frontier Foundation and Wind River Systems.

U.S. states have enacted a series of tough data disclosure laws over the past five years which force companies to notify residents whenever they lose sensitive information. Under these laws, a missing laptop can cost a company millions of dollars as well as public embarrassment as it is forced to track down and notify those whose data was lost.

However, many state laws, such as California's SB 1386 make an exception for encrypted PCs. So if a company or government agency loses an encrypted laptop containing sensitive data, they are not compelled to notify those affected.

The team's research may spur legislators to rethink that approach, Halderman said. "Maybe that law is placing too much faith in disk encryption technologies," he said. "It may be that we're not hearing about thefts of encrypted machines where that data could still be at risk."

Laws like SB 1386 treat encryption as if it's a "magic spell" and ignore the fact that there's such a thing as bad encryption, said encryption expert Bruce Schneier, who is chief technology officer with BT Counterpane.

The underlying problem is that if someone gains access to your machine, it is very difficult to protect the data on your hard drive, Schneier said. "That's an extremely hard problem for a lot of reasons, and this is one example of that."

Hardware-based encryption would probably reduce the risk, Halderman said, but he agreed that "it's a difficult problem."

Hard-drive makers, Seagate and Hitachi, both offer hardware-based disk encryption options with their hard drives, although these options come with a premium price tag.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?