RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt

Discussion in 'Computer Security' started by David H. Lipman, Feb 24, 2008.

  1. http://afp.google.com/article/ALeqM5i0t4sGyIOt776qLZudh4epei2RuQ

    SAN FRANCISCO (AFP) Researchers said Friday they found a way to sidestep
    encryption technology commonly used to protect sensitive data in computers.

    A "major security flaw" in several types of popular encryption software
    exposes supposedly safeguarded information, provided a savvy data thief can
    get hold of the machines, according to the Electronic Frontier Foundation.

    "People trust encryption to protect sensitive data when their computer is
    out of their immediate control," said EFF staff technologist Seth Schoen, a
    member of the research team.

    "Whether your laptop is stolen, or you simply lose track of it for a few
    minutes at airport security, the information inside can still be read by a
    clever attacker."

    Researchers claim they cracked an array of commonly-used encryption
    programs, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and
    dm-crypt.

    In a paper published on the Internet, researchers show that data is
    vulnerable because encryption keys and passwords linger in the temporary
    memory of computers after machines lose power.

    "We discovered that on most computers, even without power applied for
    several seconds, data stored in RAM seemed to remain when power was
    reapplied," said research team member Jacob Appelbaum, an independent
    security specialist.

    "We then wrote programs to collect the contents of memory after the
    computers were rebooted."

    Laptops are especially vulnerable to the attack when the machines are in
    lock, sleep, or hibernation modes, according to the report.

    "We've broken disk encryption products in exactly the case when they seem to
    be most important these days: laptops that contain sensitive corporate data
    or personal information about business customers," said Princeton University
    computer science doctoral student J. Alex Halderman.

    "This isn't a minor flaw; it is a fundamental limitation in the way these
    systems were designed."

    Researchers say the attack technique is likely to be effective against many
    other computer disk encryption systems because of structural similarities.

    Turning laptops off completely helps guard against intrusion, but doesn't
    work in all cases, according to the report.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
    David H. Lipman, Feb 24, 2008
    #1

  2. David H. Lipman

    Sebastian G. Guest

    David H. Lipman wrote:


    > In a paper published on the Internet, researchers show that data is
    > vulnerable because encryption keys and passwords linger in the temporary
    > memory of computers after machines lose power.



    I found a much bigger vulnerability: The keys are in memory while the
    computer is still powered on. One could simply connect some hardware to the
    memory bus and read it out directly...
    Or one could attach a key logger and wait until the user enters the
    password...

    > "We then wrote programs to collect the contents of memory after the
    > computers were rebooted."



    Only applies to hardware reboots. If the computer is properly shut down, the
    software simply zeros out the key in memory.

    > Laptops are especially vulnerable to the attack when the machines are in
    > lock, sleep, or hibernation modes, according to the report.



    Hibernate? The hibernate file is stored on the encrypted disc...

    > "This isn't a minor flaw; it is a fundamental limitation in the way these
    > systems were designed."



    No, it's a well-known intangible limit, known for at least 40 years:
    Software cannot defend against an attacker who has physical access to the
    system.
    Sebastian G., Feb 24, 2008
    #2
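
    What "zeros out the key in memory" on a clean shutdown or dismount involves, as an added example that is not part of any post in this thread. The struct and function names are hypothetical; the wipe runs only on the orderly unload path, so it does nothing if power is cut before `key_unload()` is called.

```c
/* Added example: holding and wiping a disk key in RAM (hypothetical names). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32

struct disk_key {
    uint8_t bytes[KEY_LEN];
    int locked;              /* 1 if mlock() pinned the page out of swap */
};

/* Write zeros through a volatile pointer. A plain memset() on a buffer that
 * is never read again can be removed by the optimizer as a dead store. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Copy key material in; try to keep it off the swap device. */
int key_load(struct disk_key *k, const uint8_t *material, size_t n)
{
    if (n != KEY_LEN) return -1;
    k->locked = (mlock(k->bytes, KEY_LEN) == 0);  /* may fail without privilege */
    memcpy(k->bytes, material, KEY_LEN);
    return 0;
}

/* Orderly dismount/shutdown path: wipe first, then release the lock. */
void key_unload(struct disk_key *k)
{
    secure_wipe(k->bytes, KEY_LEN);
    if (k->locked) munlock(k->bytes, KEY_LEN);
    k->locked = 0;
}

/* Number of non-zero key bytes still present in the buffer. */
size_t key_residue(const struct disk_key *k)
{
    size_t i, c = 0;
    for (i = 0; i < KEY_LEN; i++) c += (k->bytes[i] != 0);
    return c;
}

int main(void)
{
    struct disk_key k;
    uint8_t sample[KEY_LEN];
    memset(sample, 0xA5, KEY_LEN);        /* constructed sample key */
    if (key_load(&k, sample, KEY_LEN) != 0) return 2;
    key_unload(&k);
    return key_residue(&k) == 0 ? 0 : 1;  /* 0 means nothing left behind */
}
```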

  3. David H. Lipman

    nemo_outis Guest

    "Sebastian G." wrote:

    ....
    > I found a much bigger vulnerability: The keys are in memory while
    > the computer is still powered on. One could simply connect some
    > hardware to the memory bus and read it out directly...

    ....

    The "some hardware" is already installed on many computers: Firewire. If
    Firewire is enabled, the computer is on (even with keyboard locked, etc.),
    and I have a few minutes access, I'm in. I can read/write all RAM - I own
    the machine. It's known as the iPod/Firewire attack (for reasons I will be
    happy to explain). See, for instance:
    http://md.hudora.de/presentations/firewire/PacSec2004.pdf

    Yes, even for Windows XP (I just have to mess a little with OHCI CSRs). I

    Regards,
    nemo_outis, Feb 24, 2008
    #3
