Defeating Hard Drive Encryption Using Ice

March 6, 2008 by Kiltak

Horror stories about corporations having important data stolen from mobile devices have been plentiful in the past few years. To fight the problem, most companies now require that the hard drives in their mobile fleet be encrypted before the machines are handed to employees. Normally, such a measure would be more than enough to ensure data privacy in case of theft, but according to a group of researchers from Princeton University, that is no longer the case.

Like most people, I always thought that RAM modules couldn’t retain their information after being powered off, but guess what? We’re wrong! DRAM chips can take anywhere from a few seconds to a few minutes to lose their stored content, which incidentally can include a drive’s encryption key. Now, having only a few seconds to extract this key makes the task downright impossible, but by putting a computer’s memory modules on ice (Yes, ICE!), you can extend their retention time a few times over.

Using this technique, the researchers from Princeton were able to decrypt drives protected by three of the most popular encryption software packages out there: Linux’s TrueCrypt, Vista’s BitLocker and OS X’s FileVault.

Obviously, protecting yourself against “memory chilling” is very easy. All you have to do is never leave your computer in sleep or hibernation mode, and make sure that you power it off a few minutes before leaving it unattended.

The following video explains the technique in much more detail.
