Proposed direct-access vulnerability to Filevault, Bitlocker, etc

Discussion in 'Apple, Inc and Tech Industry' started by mkrishnan, Feb 21, 2008.

  1. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #1
    http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede

    A group from Princeton University described this "exploit," although whether it is one is debatable...

    The technique works against most encryption schemes, including the one I use on my iMac and the one on this Eee....

    Microsoft acknowledges it.

    Interestingly, the exploit can supposedly even be done by cooling the memory, extracting it from the computer, and reading it elsewhere.

    Realistically, it's not much of a vulnerability. But it is interesting, because the tacit assumption is that a locked, encrypted laptop is safe whether or not it's on....
     
  2. GilGrissom macrumors 65816

    GilGrissom

    Joined:
    Mar 13, 2005
    #2
    Funny thing is FireWire can do it too with its direct memory access, it can grab active memory while the machine is running without the OS even seeing it. You can configure an iPod (older one with Firewire obviously) so you can discretely plug an iPod into a machine and it will grab the memory so you can then extract the keys in your own time to get into the laptop. This kind of vulnerability is not new at all, though with the newly discovered properties of RAM the whole encryption problem has resurfaced.

    It's hard to defend against these "cold-boot attacks" however, as the key needs to be stored somewhere while it is unlocked, there doesn't appear to be any real way to 'completely' solve this using software.

    Also, a lot of Windows-based machines which use these encryption software that require you to enter a password to decrypt and log on before Windows loads can have their passwords extracted from the BIOS keyboard buffer, if they're not tidy about it.
     
  3. mkrishnan thread starter Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #3
    That's very interesting about Firewire. I had no idea the FW bus had access to the system memory like that. Thanks for pointing it out!
     

Share This Page