Saturday, February 23, 2008

How safe is my data?

“Uncertainty is the only certainty there is, and knowing how to live with insecurity is the only security.” - John Allen Paulos

Imagine having your laptop stolen! It was insured, all right, so you suffer no financial loss, but what about the data? "No worries there, my machine is password protected," you might say, or "I use disk encryption software." Really? Read on... :)

According to researchers at Princeton University, data stored on your machine can be recovered - yes, even if you locked it - with the help of something as innocuous as a dusting spray!

How does it happen?
DRAM (Dynamic Random Access Memory) is a type of memory used to store data while your machine is running. It works like a "leaky bucket" (a capacitor) that has to be refilled periodically (recharged), otherwise it runs out of water. It was believed that DRAM loses its data as soon as the power is switched off. In fact the data fades out over a period of seconds to minutes, depending on the chip manufacturer.

The researchers found that cooling the DRAM chips with a spray of "canned air" would make the chips retain their contents for as long as 10 minutes! Use of liquid nitrogen would prolong this to hours. The chips could then be removed from the laptop and their data read out.



But I have Disk Encryption Software on my machine?
Very well! Disk encryption software stores its master decryption keys in DRAM. This is like handing the keys of the locker to the thief! The attacker can easily extract the keys from your DRAM and access your data. Using this process, the researchers were able to beat BitLocker, the commercially available disk encryption software that comes with Microsoft's Windows Vista and Windows Server 2008.
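
To make the "even if you locked it" point concrete, here is an added example (not from the original post or from the Princeton researchers): a lock routine that only flips a "locked" flag leaves the whole key sitting in RAM, while one that wipes the key on lock leaves nothing behind. The struct, the function names and the sample key are hypothetical, and the sketch assumes the software can re-derive the key from the passphrase when the user unlocks again.

```c
/* Added example: names and the sample key are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

struct key_slot {
    uint8_t key[KEY_LEN];   /* master key, resident in DRAM while in use */
    int     loaded;         /* 1 = session unlocked */
};

/* Unlock: copy in a key the caller derived from the user's passphrase. */
void slot_unlock(struct key_slot *s, const uint8_t *derived) {
    memcpy(s->key, derived, KEY_LEN);
    s->loaded = 1;
}

/* Weak lock: only the flag changes, so the key bytes stay in memory. */
void slot_lock_flag_only(struct key_slot *s) { s->loaded = 0; }

/* Hardened lock: overwrite the key through a volatile pointer so the
   compiler cannot optimise the stores away, then clear the flag. */
void slot_lock_wipe(struct key_slot *s) {
    volatile uint8_t *p = s->key;
    for (size_t i = 0; i < KEY_LEN; i++) p[i] = 0;
    s->loaded = 0;
}

/* Number of non-zero key bytes a memory image taken now would still contain. */
size_t slot_residue(const struct key_slot *s) {
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++) n += (s->key[i] != 0);
    return n;
}

int main(void) {
    struct key_slot s = {{0}, 0};
    uint8_t k[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++) k[i] = (uint8_t)(i + 1); /* constructed key */

    slot_unlock(&s, k);
    slot_lock_flag_only(&s);
    printf("flag-only lock: %zu key bytes still in RAM\n", slot_residue(&s));
    slot_lock_wipe(&s);
    printf("wipe on lock:   %zu key bytes still in RAM\n", slot_residue(&s));
    memset(k, 0, sizeof k); /* demo only; real code should wipe this copy the same way */
    return 0;
}
```

Every copy of the key counts: the caller's passphrase-derived buffer has to be wiped as carefully as the slot itself.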


Security Risk
According to a report by Symantec, the average laptop contains data worth approximately $972,000. Some time back, GE reported the theft of an employee's laptop containing the Social Security Numbers (SSNs) of 50,000 employees. Ernst & Young, Fidelity Investments, The Boeing Co. and Ameriprise Financial are just some of those who have suffered from the loss of a laptop containing sensitive data.

It is time the security experts do a rethink!
