A chillingly low-tech tool can be used to steal encrypted data stored on computer hard disks, a Princeton University research team has demonstrated.
It all revolves around...well, let lead researcher and Princeton computer scientist Edward Felten explain his team's experiments in this blog post:
The root of the problem lies in an unexpected property of today's DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn't so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system.
Unless the attackers want to get really creative, as Felten says the Princeton group did:
Interestingly, if you cool the DRAM chips, for example by spraying inverted cans of canned air dusting spray on them, the chips will retain their contents for much longer. At these temperatures (around -50 °C) you can remove the chips from the computer and let them sit on the table for ten minutes or more, without appreciable loss of data. Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power. Just put the chips back into a machine and you can read out their contents.
Is this what they're doing in university research labs these days? Spraying everything (and each other, no doubt) with dust remover and freezing stuff? It reminds me of the time in ninth-grade science lab when I "demonstrated" that denim easily absorbs moisture across distance by squirting my friend's crotch from 10 feet away with a water spray bottle. And did I get a grant? No.
But I'm not here to rest on my research laurels. The point, as Felten writes, is that "there seems to be no easy fix for these problems. Fundamentally, disk encryption programs now have nowhere safe to store their keys."
Thanks a lot, Mr. Freeze.