Thursday, February 26, 2009

Even turned off machines can have security hazards!; Cold boot issues

There is another bizarre security threat for computers even after being turned off. It seems to apply to office environments or perhaps areas with public computers. In an environment with encryption, an attacker could cause computers to be turned off, and then steal the RAM and physically take off the encrypted information from a DIMM module.

This possibility was described by Niley Patel, Feb. 2008, in “Engadget” here.

A UK paper called “The Register” describes, in a paper by John Leyden, a “Cold Boot Crypto Attack” which works because DRAM circuits retain data after being powered.down. The story is “Security boffins attempt to freeze out cold boot crypto attack; Cache from chaos”.

The link is here.

All of this came up today (for me) as a topic of interest (after some searching) because suddenly my keyboard became unresponsive, going into the “Standby” panel when I tried to reboot. It remained so when I got the machine to restart (Word would not accept input from the keyboard) and I actually got a “keyboard error” during the boot process. It started working OK after I did a cold boot, and waited about a minute for Microsoft XP to run some repair scripts that seemed to start automatically.

I don’t know what would cause the Bios to lose contact with hardware. McAfee was clean. Maybe it’s overheating and a weak fan. But, a quick search indicates that “keyboard errors” on restart do sometimes happen on Dell machines (just like HAL errors, discussed earlier).

No comments: