
TalkBMC


How to Decrypt an Encrypted Hard Disk
Or how to bypass BitLocker/FileVault/TrueCrypt

For those that consider disk encryption to be the ultimate tool in fending off hackers and data thieves, a short video should be a strong wake-up call.

Watch this, and be fascinated (maybe with horror):

http://www.youtube.com/watch?v=JDaicPIgn9U

Princeton researchers have found a couple of ways to get around BitLocker and similar tools. I won't bore you with the details - just read this rather informative article:

http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede

What's surprising is the EASE with which all the security boundaries were crossed (smashed, actually) and the data retrieved. When a company promises that hard disk encryption will save you from lost data because the thief won't be able to get to your information, they're only half right. If your computer was ON or in sleep mode (or in screensaver lock mode), a thief can easily get to the RAM, harvest everything in memory, and then simply look for keys.

The best defense is to power down your computer and make sure it's off for at least 4-5 minutes; otherwise it's way too easy to get to the innards.
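A check a defender can run against that advice on a FileVault Mac, as an added example that is not part of the original post: it flags sleep settings that leave RAM powered or keep the FileVault key in memory on standby. The `pmset` settings `hibernatemode` and `destroyfvkeyonstandby` are not mentioned in the post, the function names are hypothetical, and both sample inputs are constructed.

```shell
#!/bin/sh
# Constructed samples in the layout printed by `pmset -g` (not captured output).
WEAK_SAMPLE='Currently in use:
 standby              1
 hibernatemode        3
 displaysleep         10'
HARDENED_SAMPLE='Currently in use:
 standby              1
 hibernatemode        25
 destroyfvkeyonstandby 1'

# Print the value of one setting from pmset-style text ($2), or nothing if absent.
pmset_value() {
    printf '%s\n' "$2" | awk -v k="$1" 'tolower($1) == k { print $2; exit }'
}

# Read pmset-style text on stdin; print one FINDING line per weak setting,
# then a RESULT line.
audit_pmset() {
    out=$(cat)
    status=OK
    mode=$(pmset_value hibernatemode "$out")
    wipe=$(pmset_value destroyfvkeyonstandby "$out")
    # Mode 25 writes memory to disk and removes power from RAM;
    # modes 0 and 3 keep RAM powered while the machine sleeps.
    if [ "$mode" != "25" ]; then
        echo "FINDING hibernatemode=${mode:-unset}: RAM stays powered during sleep"
        status=FAIL
    fi
    # With destroyfvkeyonstandby=1 the FileVault key is discarded on standby.
    if [ "$wipe" != "1" ]; then
        echo "FINDING destroyfvkeyonstandby=${wipe:-unset}: FileVault key retained on standby"
        status=FAIL
    fi
    echo "RESULT $status"
}

echo "== weak sample ==";     printf '%s\n' "$WEAK_SAMPLE" | audit_pmset
echo "== hardened sample =="; printf '%s\n' "$HARDENED_SAMPLE" | audit_pmset
# On a real Mac: pmset -g | audit_pmset
```

A setting that is absent from the input is reported as `unset` and treated as a finding, since the key is retained by default.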

The weakness lies in the fact that the encryption key is stored in RAM - quite obvious because data needs to be en/decrypted on the fly, and the only way this can be done efficiently is by storing it in RAM. The DRAM chips are supposed to lose their data right at power-off, but that's not always true. The chips keep the content alive without any refresh for up to 10 MINUTES. That's a lot of time.

So once they have the computer, the hackers would simply spray the chip with duster liquid (which cools it down to -50 deg and extends the life of the data on the chip quite a bit) and then remove it. Then they'd copy the contents over to their own machine and just look for the key. Simple.

Or, they can boot from an external disk and run a program that'll dump the contents of memory and simultaneously retrieve the key as well.

What does this mean for all those people who believed disk encryption was the cure-all? Well, it's still better to have this protection than not to have it, but be careful not to leave your computer on if you must leave it unattended for even a minute. Of course, don't lose track of it for any reason whatsoever, even for a minute, but if you must...

The article discusses some countermeasures, but the IT organization that was sold on this technology is probably now getting bombarded with all sorts of questions and concerns, and justifiably so.

The only safe way to prevent data theft is to prevent the theft of the computer itself.

 


Thursday, February 21, 2008
Seshadri Veeraraghavan
