RAM dumping to defeat disk encryption. Pedophiles and drug czars beware!
Have you seen this video yet? Even my mom has seen it, but how many of you are actually using disk encryption? Really that many??
What kind of illegal or illicit shit are you into?
And you think your data warrants a torrent of hackers going after YOUR lappie?
No, we kid, we kid. Of course AtA is all about privacy and protecting that (no matter if you are a shady admin or the pot dealer across the way). So we have two tips to lock your laptop down. Harden that bitch so this doesn’t happen to you!
- Disable USB booting in the BIOS, so no one can boot to a live OS and harvest your shiznit.
- Set a BIOS password for the hard drive and on boot, so no one can get in to change your options or even get a crack at your RAM.
That's it – that simple. Don’t say we never done nothing for ya. What do you guys do to lock down your systems from these kinds of attacks? Do you use encryption? Hit us up in the new Intense Debate comments. [Via Hackaday Via Princeton]



about 3 years ago
Changing the boot order and protecting the BIOS are a good idea, but the attack also allows for physically removing the RAM and putting it in another machine, so changing the BIOS won't help there.
While these kinds of attacks are interesting, I think if you are facing an adversary who would go to this length, or one where you would seriously consider needing Truecrypt's plausible deniability feature, you are really in a whole different league from most encryption users. That's a situation where the attacker has targeted YOU and/or YOUR data. That is a much rarer occurrence than an attack that is random or someone just looking to steal the hardware.
In those cases any level of encryption would be enough.
It's similar to car theft. Any type of alarm or protection will generally protect you against random shopping mall attacks because there is always going to be an easier target. But if the thief is a professional who has a reason to steal YOUR car or the specific type of car you drive, there's not a whole lot you can do unless you want to spend a huge amount of money and effort.
about 3 years ago
Damn Karl, you scooped me. I was going to blog about this today! I read about this on Friday. Watching the video, it still doesn't get me too worried. In order for someone to do this, they will have to do it close, and will not have much time to do it, even if they froze your RAM with the air duster, that only gives them what 10 – 20 minutes of time to hack your stuff? That includes getting your laptop to a secluded spot to do the hack, freezing your RAM, then booting up with their boot disk. Someone will have to go through a lot to do it. Besides, the researchers haven't released the source code, or the software for their hacking software. It doesn't look likely to be a widespread problem yet.
about 3 years ago
RAM dumping tools are available on the web! If you can boot to Ubuntu or a live distro you can use the tools on the machine to drop the encryption code (sometimes). Maybe the app that these guys built can do it better, but once you have the info dumped from the RAM you do not have a time limit @ all!
We will be giving this a try in the next week over @ AtA labs. Stay tuned loyal readers!
about 3 years ago
Let me know how it turns out.
-EDP
http://www.bauer-power.net
about 3 years ago
So I reposted this here: http://tinyurl.com/yuhknc
You ask what do we use to lock down our systems, well on my work desktop I have the new Truecrypt installed, which is one of the apps tested in the video. I also used to use Compusec (http://tinyurl.com/25shro) on my personal laptop, but did away with that when I switched to Ubuntu. I guess it doesn't matter what we use anymore huh ;-)
about 3 years ago
I went to leave you a comment Paul and it didn't work out for me. The ID timed out trying to save my comment. I was in FF 2. What I wanted to say was:
Thanks for the link and your 2 cents! :)
about 3 years ago
I got your comment. Yours does that to me too. If you refresh the page after you see that error, you will see your comment. Makes sense though, Intense Debate is still in beta.