http://www.theregister.co.uk/2008/07/21/cold_boot_utilities/
By John Leyden
The Register
21st July 2008
The security researcher who demonstrated the 'cold boot' attack has
released the source code for the hack. The attack, first demonstrated in
February, uses a set of utilities to lift crypto keys from memory even
after a reboot.
A boon for hackers and computer forensics experts alike, the approach
created a means to circumvent disk encryption simply by powering off a
target machine which has been left hibernating or screen-locked, and
quickly re-booting it to an external hard drive loaded with customised
software. The attack worked because DRAM chips used by modern computers
retain data for seconds or even minutes after being powered down,
contrary to popular opinion. Cooling the chips wasn't absolutely
necessary but aided the process in some cases.
Once the data is recovered utilities are needed to make sense of the
information and perform functions such as correcting errors caused by
bit decay.
The approach was pioneered by researchers from the Electronic Frontier
Foundation, Princeton University and Wind River. One of the researchers
involved in the celebrated hack, Jacob Appelbaum, released source code
for the utilities used for it at the Hackers on Planet Earth (HOPE)
conference in New York last weekend. It's hoped the release of the
utilities will spur the development of countermeasures as well as
raising awareness about the risks posed by the original attack.
[...]
Received on Tue Jul 22 00:02:54 2008