The Encrypted Data on Your Hard Drive Isn't Safe

The data on your computer's hard drive isn't safe. Even if you subscribe to one of the encryption services like BitLocker (Microsoft), FileVault (Apple) or use Linux dm-crypt, it is possible for a hacker, using off-the-shelf hardware and a bit of technical know-how, researchers at Princeton University have found a way to hack into the information on your hard drive, despite these efforts. And they didn't need physical access to the computer - just access to the RAM memory chip.

This is awful news for people who carry around sensitive data on laptops, or are hooked up to networks with less than stellar security. Malicious hackers are probably already aware of the means to break through the encryption technologies being employed by literally hundreds of thousands of government employees, corporations, and private citizens attempting to protect their sensitive data using one of the popular encryption technologies.

"We've broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers," said Alex Halderman in a press release. Halderman is a Ph.D. candidate in Princeton's computer science department. "Unlike many security problems, this isn't a minor flaw; it is a fundamental limitation in the way these systems were designed."

This exploit makes use of something the average person may not know - the data stored in the memory chip, or RAM, doesn't just disappear when you shut off your computer or put it into sleep mode. It takes from a few seconds, to a few minutes, for the data stored in the RAM to actually degrade and disappear, much like a phantom in a breeze. The secret "keys," long strings of random numbers generated by the encryption software, remain readable in the RAM for that long, making it possible to read the information, reboot the computer, and feed it back in and unlock the hard drive.

The time needed to access the RAM chip was able to be extended using something that you might commonly carry with your laptop, or have around your desktop - canned air. By cooling the chip using canned air, the researchers were able to extend by several minutes the length of time before the encryption keys degraded - giving them a chance to remove the chip from the original machine, read the keys, then return the chip to the original machine, reboot it, and get into the secured data.

"This method is extremely resistant to countermeasures that defensive programs on the original computer might try to take," Halderman said.