Ed Felten Defeats Hard Drive Encryption
from the ed-felten-strikes-again dept
Ed Felten, and the various grad students who work for him at Princeton, have done plenty to contribute to the computer security field (and make quite a name for themselves), from breaking the old SDMI encryption that the recording industry insisted was unbeatable (which nearly got Felten sued) to showing just how vulnerable e-voting machines are. However, he may have just broken his biggest story yet. Felten and a group of colleagues have now shown that hard disk encryption is incredibly easy to beat. This should be a huge concern, considering how many people and organizations rely on data encryption to protect important data. In fact, with many of the "lost" hard drive stories over the past few years, many organizations have insisted the risk was minimal, since the data was all encrypted. Yet, as Felten's team shows in the video below, not only is it quite easy to defeat the encryption using a simple can of compressed air; in some cases, there isn't much that can be done to protect against this. As the video notes, this won't work on some systems if the computer is turned completely off and the encryption package prompts for its password before the operating system boots -- but otherwise, most systems are vulnerable.
Filed Under: ed felten, encryption, hard drives, security
Reader Comments
This, combined with the password entry before the OS starts running, would cover all the bases, wouldn't it?
All of which is a bit moot as the memory doesn't even need to be in the original PC! A quick spray of liquid CO2 or N2, and just whip them out and into your own device which copies the content for later perusal...
not what it seems
So whether you can get to the hard drive or not is irrelevant; there's plenty of methods. This isn't like they magically figured out the encryption key, and also isn't the RAM situation "within 1-30 minutes" or something? I mean seriously, it may take half a minute just to get access to what you're looking for.
I salute the method, but there are just too many for this to be truly noteworthy.
Only if the AV scanner you are running is familiar with it. If you wrote one for the task, there's only a slim chance it might be detected by the heuristics - which, of course, could easily be tested on another PC, running the same AV software prior to 'delivering' the code.
More scare headlines
I loaded a huge text file with a repeating, easy-to-recognize pattern of data (i.e. abcdefg...) into memory on one. Hosed it down with Freon. That didn't work - it blew the memory, an experience that I have had in the past when trying to cool down components in troubleshooting. Apparently the small lands on a PC board will shrink from the cold and pull apart.
Started again with another simm. Not so cold this time.
Yanked it hot (as in with power on, not referring to temperature), plugged it into another old junker with a copy of Win 3.1 and powered up. Started scanning memory (that took a while, since my last experience with 3.1 must be about 15 years old.) but...
There was nothing. And since most memory was all zeros, I couldn't be sure that the hardware/bios was not clearing memory on boot. Turned off everything in the bios, tried again, but still got nothing.
Tried not only pulling it hot, but swapping it hot. Problem was that the receiving machine would lock solid instantly. But finally one try got it in and the receiver stayed up. Time that the memory was without power was less than 3 seconds.
Great. Looked all over but no trace of that pattern could be found.
So. This isn't quite as easy as the articles are making out. I am sure that the researchers did what they say, but nobody needs to panic that some DHS cop is going to whip out a spray can and a screwdriver and suddenly look through a person's surfing history. Heck, most government agents that I have run across have trouble opening the lid of the laptop.
DelphiDude
Re: More scare headlines
I would like to see an uncut video of a single person, or even a group of people, trying to pull this off. I mean, it is all described in theory with a bunch of cuts, but can you physically do it the way it was shown, in time to save the data?
Re: More scare headlines
It seems to me that the exploit makes use of the fact that DRAM chips are powered by pulses and not a continuous supply of power, as required by the static RAM used in much older computers. In a way, it's like keeping a bucket that has a small hole in the bottom filled with water. If you top off the bucket at regular intervals, as dictated by the size of the hole in the bottom, the supply of water out of the bottom of the bucket should remain the same. If you fail to fill the bucket, the supply of water will eventually run out, but not immediately. With static RAM, the bucket is more like a pipe, so an interruption of water from one end would quickly be noticed at the other.
In short, it might be that the failure of the experiment to work (other than the RAM chips pulling away from the circuit traces when chilled) may simply be due to the fact that the memory used in the target laptops was of the wrong type for this specific type of attack to work (SRAM vs. DRAM).
If so, the results are still interesting.
Some background info...
http://en.wikipedia.org/wiki/DRAM
http://en.wikipedia.org/wiki/Static_random_access_memory
Then again, I could be completely wrong too.
Clarifications
Felten's exploit is based on discovering that the bit state doesn't deteriorate very rapidly, and deterioration can be slowed even further by use of a refrigerant to chill/freeze the memory cells.
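The leaky-bucket picture in the "Re: More scare headlines" comment and the "Clarifications" point that decay is slow and slows further when the module is chilled can be put into a small simulation. This is an added toy model, not code from the researchers or from any commenter; the time constants, refresh interval, cooling factor and the abcdefg pattern (borrowed from DelphiDude's experiment) are all constructed assumptions, not measurements.

```python
import math
import random

# Constructed toy model of DRAM remanence (assumed parameters, not measured values).
# Each DRAM cell is a leaky capacitor: a stored 1 loses charge exponentially with a
# per-cell time constant tau and reads back as 0 once charge falls below THRESHOLD.
THRESHOLD = 0.5           # fraction of full charge below which a 1 reads as 0
REFRESH_INTERVAL = 0.064  # seconds between refreshes (assumed order of magnitude)
TAU_ROOM = 2.0            # assumed mean time constant at room temperature, seconds
COLD_FACTOR = 40.0        # assumed slowdown of leakage when the module is chilled

def cell_time_constants(n_cells, tau_mean, seed=1):
    """Per-cell time constants; the log-normal spread models cell-to-cell variation."""
    rng = random.Random(seed)
    return [rng.lognormvariate(math.log(tau_mean), 0.4) for _ in range(n_cells)]

def charge_after(t, tau):
    """Charge left on a 1 cell t seconds after its last refresh (the leaking bucket)."""
    return math.exp(-t / tau)

def refresh_keeps_data(taus, interval=REFRESH_INTERVAL):
    """With power on, refresh tops every bucket up before any of them can run dry."""
    return all(charge_after(interval, tau) >= THRESHOLD for tau in taus)

def read_bits(bits, taus, t):
    """Bits read back t seconds after refresh stopped: only 1s flip, and only to 0."""
    return [b if b == 0 or charge_after(t, tau) >= THRESHOLD else 0
            for b, tau in zip(bits, taus)]

def text_to_bits(s):
    return [int(c) for ch in s.encode() for c in format(ch, "08b")]

def bits_to_text(bits):
    chunks = ("".join(map(str, bits[i:i + 8])) for i in range(0, len(bits), 8))
    return bytes(int(chunk, 2) for chunk in chunks).decode(errors="replace")

def seconds_until_first_flip(taus):
    """Remanence window: time until the leakiest 1 cell crosses the threshold."""
    return min(taus) * math.log(1.0 / THRESHOLD)

def pattern_survives(pattern, taus, t):
    """Does a recognisable pattern (abcdefg...) still read back intact after t seconds?"""
    bits = text_to_bits(pattern)
    return bits_to_text(read_bits(bits, taus[:len(bits)], t)) == pattern

if __name__ == "__main__":
    pattern = "abcdefg" * 4
    room = cell_time_constants(len(pattern) * 8, TAU_ROOM)
    cold = [tau * COLD_FACTOR for tau in room]   # same cells, chilled
    print("refresh holds the data:", refresh_keeps_data(room))
    for label, taus in (("room", room), ("cold", cold)):
        print(label, "first flip after %.2f s;" % seconds_until_first_flip(taus),
              "pattern intact at 5 s:", pattern_survives(pattern, taus, 5.0))
```

The model shows why a powered refresh never lets the data fade, why pulling a module hot still gives a window of a second or so before the first bits flip, and why chilling stretches that window (the defensive corollary being that an OS should overwrite key material before power is cut).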
Wipe the DRAM!
-Michael
Yes, I am an idiot
Ok, SO - WHAT?
if you get the computer while it's on...
It's a compromise
sleep mode
Re: sleep mode
Need sleep mode
Sleep mode:
When it comes to speeding up the booting process of a PC, I have always read everywhere on the net that hibernate is slower compared to booting or sleeping. Hibernate just saves everything to the hard drive so you can access it exactly as you had it when leaving the PC. On my PC the booting process is faster than waking it from hibernation, which sometimes hangs. Maybe something is wrong with my PC. I don't know...
Hibernation is Probably Safe with most products
I hate to shut down, and hibernating takes too long (even longer now that it's being encrypted) so I just stand by. Looks like I'll have to get used to shutting down.
Off Topic
I have worked with several law enforcement companies that have sophisticated ways of dismantling a drive and pulling data off. Whom are you trying to keep the data away from anyway? If they are good enough to crack this stuff, then most likely they have a job paying them more than what this data is worth.
The classic method
this is not something new
I'm a computer scientist and work for Novell, who make SuSE Linux.
If you use something like these products, the chances are that your password is only a very small one - as most people will not make the password overly long (aka >20 characters), and sometimes it is even something obvious!
So the vulnerability to a brute force attack is still about 50-100x more likely to break your encryption than this method is :| due to the physical access needed shortly after a powerdown.
This article is misleading...
So a grave disservice is done with the headline "Ed Felten Defeats Hard Drive Encryption". He has done nothing of the kind. He has only circumvented one form of it. If he can defeat the encryption in the hard drive from Seagate I will then be MOST IMPRESSED.