If you follow the evolution of security systems, you are probably aware of the study that explains and demonstrates how private data can be extracted from a system's memory by forcing a reboot or by physically removing the RAM modules.
This is intriguing research, because it shows how far a sophisticated attacker can get. What makes it even more interesting is that there is empirical evidence that it works not only on paper.
Like other encryption programs, Private Disk is constantly decrypting and encrypting data whenever files on the virtual disk are read or written. Naturally, the keys must be somewhere in the system's memory, so our software can become the target of such an attack.
Why should I not worry about this?
Although the attack can have practical results, there are things that can be done about it.
Imagine that you are an attacker that stumbled upon a computer with valuable data protected by Private Disk. If the keys are in memory, it means that the encrypted disk is mounted - and if so, why not just copy the data from it while no one's watching?
Why would it be easier to disassemble a computer in order to make the RAM modules accessible, then take the memory out and connect it to another computer? When you're done, you'll put the RAM back, but the system will be shut down, so the owner will figure out that something is fishy when they return.
Why would it be easier to force a system reboot, configure the BIOS to boot from an external device, then dump the contents of the RAM to that device for later analysis? As in the previous case, the system will be in a different state when the owner returns, so they will realize that an attack has just occurred.
Besides, there are many things that have to be taken into account, and the attacker can only hope that luck will be on their side; for instance:
Of course, all of these problems have solutions: disassembling a system can be done very quickly if you're good at it, and resetting the BIOS settings is only a matter of time. But all of this is useful under one condition only: the computer that was left unattended contains a virtual disk in a mounted state.
This is what brings us to the solution, which is just a set of best practices that have been well known for a long time; as you go through each item, ask yourself "which of these am I hearing for the first time?".
Company owners, administrators, and leaders of the IT department
As you can see, none of the above is new. Of course, this does not mean that the new attack method is useless, but it makes it clear that simple measures can be taken to protect your assets. Moreover, all of these measures are either free (features such as "disconnect encrypted disks when the system hibernates" in Private Disk, or "Automatic lockdown" in Password Carrier, have been there for ages) or are already in place (guards, locks, security cameras, etc.).
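As an added illustration (not Private Disk's own code), here is a minimal C model of what a "disconnect encrypted disks when the system hibernates" policy has to achieve: the volume key is wiped from RAM before the machine enters a state an attacker could snapshot, and the wipe is done through a volatile pointer so the compiler cannot optimize it away. The volume_t structure, the hook names and the test key are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32

/* Hypothetical in-memory state of a mounted encrypted volume. */
typedef struct {
    uint8_t key[KEY_LEN];
    int mounted;
} volume_t;

/* Wipe the compiler cannot elide: a plain memset() before the buffer goes
   out of use may be removed as "dead store"; writing via volatile is not. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Mount: the key is loaded into RAM, which is exactly what a cold-boot
   attacker is after. */
void volume_mount(volume_t *vol, const uint8_t *key) {
    memcpy(vol->key, key, KEY_LEN);
    vol->mounted = 1;
}

/* Dismount: the action a "disconnect on hibernate/lock" policy triggers. */
void volume_dismount(volume_t *vol) {
    secure_zero(vol->key, KEY_LEN);
    vol->mounted = 0;
}

/* Power-event hook: a hibernate notification must dismount before sleep. */
void on_power_event(volume_t *vol, int going_to_hibernate) {
    if (going_to_hibernate && vol->mounted) volume_dismount(vol);
}

/* Defender's check: would a memory snapshot still contain the key bytes?
   Mimics an analyst scanning a RAM dump for a known key pattern. */
int snapshot_contains_key(const uint8_t *snap, size_t len, const uint8_t *key) {
    for (size_t i = 0; i + KEY_LEN <= len; i++)
        if (memcmp(snap + i, key, KEY_LEN) == 0) return 1;
    return 0;
}

/* Scenario: mount, deliver a hibernate event (with or without the hook),
   then scan the volume state; returns 1 if the key is still findable.
   Note: a real implementation must also wipe every other copy of the key
   (stack temporaries, cipher contexts, swap/hibernation file). */
int key_survives_hibernate(int hook_installed) {
    uint8_t key[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(0xA5 ^ i); /* constructed key */
    volume_t vol;
    volume_mount(&vol, key);
    if (hook_installed) on_power_event(&vol, 1);
    return snapshot_contains_key((const uint8_t *)&vol, sizeof vol, key);
}
```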
Finally, I must point out that I can hardly imagine a thief who would prefer to try this new high-tech wizardry when the encrypted disk is known to be mounted already, so all that has to be done is simply copy the data and walk away (which is obviously the path of least resistance).
Summary: the end of the world is postponed yet another time, and you can protect yourself by following a short list of best practices. How is this news?
Make IT secure!