Cold Reboot Attacks on Disk Encryption

Ed Felten's Freedom to Tinker weblog has a report on research he and his colleagues have done on subverting whole disk encryption by reading the keys from RAM after the machine has been power-cycled. "The root of the problem lies in an unexpected property of today’s DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn't so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system."

Comments (38 posted)