Attack on computer memory reveals vulnerability

Attack on computer memory reveals vulnerability

A team of academic, industry and independent scientists has demonstrated a new class of computer attacks that compromise the contents of secure memory systems, especially in laptops.

The attacks overcome a broad set of security measures called disk encryption, which are meant to secure information stored in a computers permanent memory. The scientists cracked several widely used technologies, including Microsofts BitLocker, Apples FileVault and Linuxs dm-crypt, and described the attacks in a paper and video published on the Web Feb. 21.

The team reports that these attacks are likely to be effective at cracking a number of other disk encryption systems because these technologies have architectural features in common.

Weve broken disk encryption products in exactly the case when they seem to be most important these days: laptops that contain sensitive corporate data or personal information about business customers, said Alex Halderman, a Ph.D. candidate in Princetons computer science department. Unlike a number of security problems, this isnt a minor flaw; it is a fundamental limitation in the way these systems were designed.

The attack is especially effective against computers that are turned on but are locked, such as laptops that are in a sleep or hibernation mode. One effective countermeasure is to turn a computer off entirely, though in some cases even this does not provide protection.........