Encrypted drives hacked through cold boot
Modern memory (DRAM), contrary to conventional wisdom, stores information after a power outage from several seconds to several minutes (and if it is cooled with liquid nitrogen, up to several hours). This makes it possible, for example, to turn off the power of a loaded computer, transfer memory to another computer, and load a special utility on it that scans the memory and finds the disk encryption keys in it. Or do not rearrange the memory anywhere, but simply connect the USB screw to the computer being cracked, and after the power has been tweaked, boot from it. Hacking confirmed for BitLocker, FileVault, dm-crypt, and TrueCrypt.
New Research Result: Cold Boot Attacks on Disk Encryption
Lest We Remember: Cold Boot Attacks on Encryption Keys (with video)
New Research Result: Cold Boot Attacks on Disk Encryption
Lest We Remember: Cold Boot Attacks on Encryption Keys (with video)
')
Source: https://habr.com/ru/post/20654/
All Articles