Want to break into a computer’s encrypted hard drive? Just blast the machine’s memory chip with a burst of cold air.
That’s the conclusion of new research out of Princeton University demonstrating a novel, low-tech way hackers can access even the most well-protected computers, provided they have physical access to the machines.
The Princeton report shows how encryption, long considered a vital shield against hacker attacks, can be defeated by manipulating the way memory chips work. The researchers say the ease of their attack raises fears about the security of laptop computers increasingly used to store sensitive information, from personal banking data, to company trade secrets, to national security documents.
Freezing a dynamic random access memory, or DRAM, chip, the most common type of memory chip in personal computers, causes it to retain data for minutes or even hours after the machine loses power, the report found. That data includes the keys to unlock encryption. Without freezing, the chip loses its contents within seconds.
Hackers can steal information stored in memory by rebooting the compromised machine with a simple program designed to copy the memory contents – before the computer has a chance to purge sensitive data, according to the study.
Laptops left in hibernation or sleep mode, or simply not turned off at all, are the most vulnerable to the new type of attack.