Home > Geeky, Security > Frozen (laptop) Memory

Frozen (laptop) Memory

March 5, 2008

There have been a lot of news articles about the discovery at Princeton that cooling the RAM chips of a laptop to -50C enable a quick restart from sleep mode, and potentially allowing retrieval of encryption keys residing in the chips.  The news media has been treating this as a major vulnerability.

You take the stolen, sleeping laptop, remove the cover to the RAM chips, freeze them with an inverted can of “canned air”, and then “cut the power and then re-attach the power, and by doing that will get access to the contents of memory – including the critical encryption keys.”  It’s being touted everywhere as a “major vulnerability”

Umm, sure… I do it all the time and the encryption key just pops right up on screen in a blinking box labelled “Encryption Key”.  Movie and TV writers, freshly off-strike, are probably dying to use this in a story.  That math guy on “Numb3rs” will pull it off in the bad guy’s apartment with whatever stuff is lying around and the seconds ticking off toward disaster. 

Essentially what the hacker needs to do is remove the chips from the laptop, put them – still frozen – in another laptop that is running a memory-analysis utility, access the chips and “dump” the memory contents to the a file on the hard drive.  Or somehow load a new operating system into the first laptop without writing to any of the memory in its RAM chips.  Simple! 

What Professor Felton and his team found was that cooling memory chips “enhanced the retention of data in memory chips.”  That’s a long way from a usable hacking technique.  So you have to power completely down if you think your laptop might get stolen and it contains a huge database of people’s personal information.  Or… don’t carry stuff like that around on laptops!  There.  Problem solved. 

Categories: Geeky, Security
  1. March 5, 2008 at 09:06 | #1

    These two links make things a little easier than freezing RAM chips and I would consider them real vulnerabilities.
    Windows Passwords over Firewire.
    Bootable USB Drive that can do Memory Dumps.

    The freezing chip vulnerability (if you can call it that) is pretty laughable. But it certainly has lead to some more credible threats.

  2. james old guy
    March 5, 2008 at 12:07 | #2

    Its nice that all these people are working on ways to protect my laptop and computers from being hacked. I would prefer they make the punishment for hacking so severe that it would be in the same catagory as rape or murder.

  3. March 5, 2008 at 12:19 | #3

    We can certainly make stricter laws, but the problem is catching the hackers. It gets even tougher when the hacker is cracking passwords from Russia, Korea, or other remote places.

  4. March 5, 2008 at 14:14 | #4

    The problem is there’s so much money to be made and so little risk of getting caught.  There’s an evolution to theft:

    Willie Sutton, asked why he robbed banks, said “That’s where the money is”

    Back in the S&L;scandal days, musician Don Henley said “A man with a briefcase can steal more millions than any man with a gun.”  But it’s white-collar crime so we don’t exact really serious penalties.

    Now Henley’s briefcase is a keyboard.  But it’s still considered white collar crime and gets light punishment despite the damage it does (and will do) to society.  So it does make sense for us to think about changing cyber-theft to, say, a class-X felony like armed robbery.

    When the same techniques are applied as cyber-terrorism or warfare, better security will do us more good than stronger penalties.

  5. Ted
    March 5, 2008 at 17:59 | #5

    Its nice that all these people are working on ways to protect my laptop and computers from being hacked. I would prefer they make the punishment for hacking so severe that it would be in the same catagory as rape or murder.

    Yeah, we need more people in jail. Now that we’re releasing crack convictions, the beds are going empty.

    Let’s start with the simple stuff like allowing us to control our own data; my data should be mine, not belong to experian, etc. Unfortunately, my privacy protections would run afoul with the property rights that major capitalists hold over my data. So fat chance of legislation there.

    And there have been numerous proposals for RFC based solutions that authenticate mail, authenticate DNS, etc, and those things would decrease the hacker access into PCs but opposed by “marketers”. Likewise, hackers, viruses, and spam are annuity goldmines for vendors that purvey wares to control it (Symantec, Mcafee, etc).

    The joy of an increasing population is that there are more suckers born every day and keeping if only a small part fearful fills the coffers.

Comments are closed.