If you watch the evolution of security systems, you are probably aware of the study that explains and demonstrates how private data can be extracted from the system's memory, by forcing a reboot or extracting the RAM modules(Sony VGN-FZ140E battery).

This is an intriguing research, because it shows how far a sophisticated attacker can get. What makes this even more interesting is the fact that there is empirical evidence that shows that it works not only on paper(Sony VGN-FZ62B battery).

Like other encryption programs, Private Disk is permanently decrypting and encrypting some data whenever files on the virtual disk are read or written. Naturally, the keys must be somewhere in the system's memory, therefore our software can become the target of such an attack(Sony VGN-FZ70B battery).

Why should I not worry about this?

Although the attack can have practical results, there are things that can be done about it(Sony VGN-FZ71B battery).

Imagine that you are an attacker that stumbled upon a computer with valuable data protected by Private Disk. If the keys are in memory, it means that the encrypted disk is mounted - and if so, why not just copy the data from it while no one's watching(Sony VGN-FZ72B battery)?

Why is it easier to disassemble a computer in order to make the RAM modules easily accessible, then take the memory out and connect it to another computer? When you're done - you'll put the RAM back but the system will be shut down, so the owner will figure out that something is fishy when they return(Sony Vaio VGN-FZ31J battery ).

Why is it easier to force a system reboot, configure the BIOS to boot from an external device, then dump the contents of the RAM to the external device for future analysis? As in the previous case, the system will be in a different state when the owner returns, so they will realize that an attack has just occurred(Sony VGN-FZ145E battery).

Besides, there are many things that have to be taken into account, and the attacker can only hope that luck will be on their side; for instance(Sony Vaio VGN-FZ31B battery):

is there a guarantee that upon a system reset, there will be no password prompt when entering the BIOS settings(Sony VGN-FZ18L battery)?

what makes the attacker sure that the BIOS is configured to allow booting from any external device(Sony VGN-FW11M battery)?

why would it be easy for someone to disassemble a computer and take the RAM out (or reset the BIOS settings) (Sony Vaio VGN-FZ18S battery)?

Of course, all of these problems have solutions: disassembling a system can be done very quick if you're good at it, and resetting the BIOS settings is a matter of time. But all of this is only useful in one condition - the computer that was left unattended contains a virtual disk in a mountedstate(Sony VGN-FW11 battery).

This is what brings us to the solution, which is just a set of best practices, which are well known for a long time; once you cycle through each item, ask yourself "which of these I hear for the first time?" (Sony Vaio VGN-FZ18S battery).

End users

Password protect the BIOS;

Don't allow the system to be booted up from anything other than the internal drive (no external devices, CDs, or network booting) (Sony Vaio VGN-FZ210CE battery);

Dismount your encrypted disks if they are not in use;

Turn the computer off when it is not in use for a long time (cut your electricity bill, save your planet) (Sony VGN-FZ230E battery).

Company owners, administrators, and leaders of the IT department

Do not allow full physical access to corporate workstations;

Make sure that every employee understands that a stranger walking around with a canister of liquid nitrogen (to cool down the extracted RAM modules to keep their contents intact longer) is not a common phenomenon, and this should be reported immediately(Sony Vaio VGN-FZ21S battery);

Make it impossible for a stranger to enter the office when no one is around;

Use surveillance equipment to monitor remote locations (this implies that the sly attacker managed to get past the guards who found nothing suspicious about a "smoking" canister of liquid nitrogen in the hands of a stranger who visits the office past working hours and ends up doing something in the server room after unlocking multiple doors with the power of thought) (Sony Vaio VGN-FZ21E battery ).


Do not keep the keys in the memory when you don't need them, overwrite the memory with some other data as soon as the keys are not required(Sony VGN-FZ18 battery).

As you can see, none of the above is new. Of course, this does not mean that the new attack method is useless, but it makes it clear that simple measures can be taken in order to protect your assets(Sony VGN-FZ190E battery). Moreover, all these measures are either free (features such as "disconnect encrypted disks when the system hibernates" in Private Disk, or "Automatic lockdown" in Password Carrier are there for ages), or are already in place (guards, locks, security cameras, etc) (Sony VGN-FZ190 battery).

Finally, I must point out that I can hardly imagine a thief who prefers to try this new high-tech wizardry, when it is known that the encrypted disk is already mounted, so all that has to be done is simply copy the data and walk away (which is obviously the path of least resistance) (Sony VGP-BPS9/B battery).

Summary - the end of the world is postponed yet another time, and you can protect yourself by following a short list of best practices. How is this news(Sony VGN-FZ15G battery)?

Leave a Reply.