“We then wrote programs to collect the contents of memory after the computers were rebooted,” he explained. Jacob Appelbaum, a computer security consultant who participated in the project, said the team discovered that on most computers, even without power applied for several seconds, data stored in RAM seemed to remain when power was reapplied. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker.” “But this new class of vulnerabilities shows it is not a sure thing. “People trust encryption to protect sensitive data when their computer is out of their immediate control,” said EFF staff technologist Seth Schoen, a member of the research team. The issue is described as a design limitation that could allow practical attacks against laptops in “sleep” or “hibernation” mode.Īlthough a successful attack requires physical access to the machine, the research finding is significant because it means that sensitive, and encrypted, data stored on laptops can still be hijacked by skilled attackers. Four of the most widely used disk encryption technologies-Windows Vista’s BitLocker, Apple’s FileVault, TrueCrypt and dm-crypt-have been rendered useless by a new attack class, according to a research paper released Feb.
0 kommentar(er)
