Xeni visits the offices of the Electronic Frontier Foundation and speaks with Jake Appelbaum and Bill Paul, two of the authors of a security research paper that shows how your computer's memory can be tricked into revealing data you thought was safely encrypted, and out of the reach of others.
One method involves using a can of compressed air to quickly cool the memory chip, but freezing the target isn't the only way to lull it into submission -- Paul shows us how to use an iPod or a USB thumb drive to do the same thing. These methods have been shown to defeat three popular
disk encryption products commonly used to protect data on laptops: BitLocker (Windows Vista), FileVault (MacOS X), and dm-crypt (Linux).
Here's the entire text of the report draft, released earlier this year: Lest We Remember: Cold Boot Attacks on Encryption Keys
. Authors: J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten.
The team plan to research additional software tools and a final version of their report at Usenix Security Symposium in July/August.
Special thanks to Seth Schoen and Peter Eckersley of the EFF.