Disk Encryption Attacks

If you use Windows BitLocker, Apple's FileVault or the TrueCrypt product, take heed.  A new attack show how the data stored in your RAM can be read - sometimes for hours - after you computer is off.  Scraping your RAM is easy once a thief has your hard drive.  Computers that are on, or in the sleep mode are particularly affected.

The basic idea is that these encryption tools keep a copy of the key stored in memory so that on-the-fly encryption/decryption can occur.  By scraping the RAM (see video to learn how), an attacker can easily gain access to the key in memory and unlock all encrypted data.

One point to remember if you use these types of tools.  The tool is not the end of your responsibility when it comes to protecting data.  First, you need to be aware of how the tool works. In this case, it's extremely important to know that the tool stores the key in memory.  Secondly, you need to be aware of how attacks may occur.  If someone is looking over your shoulder in a public place - what can you do?  Suppose your laptop is stolen, do you often leave it in sleep mode?  Physical security is just as important as the tools you use to protect your data.  Don't assume the tool is doing the job for you - it's just an assistant.

If you've got a quick message to encrypt, see my encryption page.