You might think that encrypted data on your laptop is safe from hackers, but you’d be wrong. Imagine this scenario: you’re at a café working on your next blockbusting sci-fi novel. You close the lid for a moment to pay the bill and when you return, the laptop has vanished. Oh well, it’s not too much money for a successful novelist. You’re also not concerned about someone stealing your novel because there’s a backup copy at home and the laptop has a password-protected account and disk encryption.
Disk encryption works by keeping a encryption ‘key’ in memory while the computer is in use. This key is linked to your account and Windows won’t give up your key to anyone else unless they have your account password. Unfortunately, there is a chink in the armour. It was previously thought that when the power is cut, all data in the computer’s DRAM (dynamic random access memory) automatically vanished. However, Professor Edward Felten and his team at Princeton University have discovered that data remains intact for a few minutes after the computer is turned off, and can last for hours if the memory is cooled. This opens up a new channel for attack:
- Steal a laptop that is running on sleep mode.
- Insert a flash drive containing a customized rogue operating system.
- Hard reboot the laptop. The rogue OS is loaded and it proceeds to grab your encryption key from memory.
With the encryption key, the attacker can now read all your files. Solution: don’t go to the café when hi-tech theives are about.
Watch the video to learn more: