A Cold Day in RAM

A new hardware exploit could allow RAM contents to be viewed even after powering down.


Transcript

This is Leo Notenboom for askleo.net.

Just about the time we congratulate ourselves for taking the next step in
security by carefully encrypting everything on our hard disk, out comes a
report that shows – and I do mean demonstrates – that many of the most popular
encryption tools can be defeated without a whole lot of work on the hacker’s
part.

Now, before we all run around and panic, let’s look at what this is really
all about.

Conventional wisdom is that the contents of your computer’s RAM are lost when
you power down your computer. There are two nuances to that statement that make
that conventional wisdom a little less conventional:

  • First, standby mode does not actually power down RAM. Hibernate mode might
    or might not, but it also writes an image of RAM to your hard disk.

  • Second, it turns out that your RAM actually keeps what’s stored in it for “a
    while” after it’s been powered down. And although “a while” could be a few seconds, it
    could be lengthened into several minutes by cooling down the RAM chips
    before they’re powered down with common cans of compressed air.

Now remember that in order for encryption software like TrueCrypt or BitLocker
or others to work, they must keep the decryption key in RAM in order to use
it.

So, a hacker comes along, steals your laptop, and if it’s on or in standby
or in hibernation, he might just be able to reboot and run a tool that reads what’s
left in your RAM and locate those keys and then be able to decrypt your
information. It’s even been shown that by cooling the RAM chips they can be
removed and placed in another computer where software can then access the
contents.

Scary, huh? And yes, if you’re a secret agent or carrying corporate or
government secrets around in your laptop you might need to reconsider how you
treat your data.

But what about the rest of us?

Well, I’m not going to panic just yet.

The best advice so far is simply not to rely on Standby or Hibernation for
security and turn off your computer for a few minutes before you might leave it
in any situation where it might be lost or stolen.

Note that this does require physical access to your machine. As I’ve
mentioned before, if your machine isn’t physically secure it’s not secure –
though clearly encrypting the data is one approach to dealing with exactly
that. So, if you’re in a situation where you are at risk of theft, you’ll want
to keep this new possibility in mind.

I fully expect computer manufacturers and encryption software vendors to
come up with some preventative measures as soon as they can.

I’d love to hear what you think. Visit askleo.net and enter 12257 in the go
to article number box to access the show notes, the transcript and a link to
the Princeton University web site with all the details.

While you’re there, browse the hundreds of technical questions and answers on
the site.

Till next time, I’m Leo Notenboom, for askleo.net.

2 comments on “A Cold Day in RAM”

  1. Have a look at the Princeton video. It’s not the compressed
    air itself, it’s the propellant, which sprays out when the
    can is turned upside down, and cools dramatically (-50F is
    what I recall).

    Leo
