Encrypted data on laptops not safe

According to new research from the US

Encrypted data on laptops not safe. Hardware, Desktop PCs, Laptops, Security 0

5 March 2008 12:21 GMT / By Katie Scott

A team of US researchers are warning that encrypted data on laptops is far more vulnerable than previously believed.

They have shown that it is possible to recover the key that unscrambles data from a PC's memory.

These "encryption keys" were thought to be retained in a computer's "volatile memory" for only a few seconds after the machine was switched off.

Volatile memory is typically used in the computer's RAM, and is used as temporary storage for programs and data when the computer is switched on.

But the team found that this data can sometimes be held and retrieved for up to several minutes.

"It was widely believed that when you cut the power to the computer that the information in the volatile memory would disappear, and what we found was that was not the case", Professor Edward Felten of the University of Princeton told BBC World Service's Digital Planet programme.

"The key to making it work is to keep the encryption key secret", he continued.

And now this research shows that locking the laptop screen or switching the machine to hibernate is not enough.

The minutes that the information remains saved is claimed to be enough time for a hacker to retrieve the encryption key and any other data in the volatile memory.

"The real worry is that someone will get hold of your laptop either while it is turned on or while it is in sleeping or hibernation mode", said Professor Felten.

"The person will get the laptop, cut the power and then re-attach the power, and by doing that will get access to the contents of memory - including the critical encryption keys."

Laptops are protected when they first come out of sleep mode, he said, but added a swift re-start after shutting down lowers this protection: "By cutting the power and then bringing it back, the adversary can get rid of the operating system and get access directly to the memory".

Professor Felten said that the best way to protect a computer was to shut it down fully several minutes before going into any situation in which the machine's physical security could be compromised.

"Simply locking your screen or switching to 'suspend' or 'hibernate' mode will not provide adequate protection", he added.

"It does cast some doubt on the value of encryption. I think that over time the encryption products will adapt to this and they will find new ways of protecting information."

Related
Full tags
Hardware, Desktop PCs, Laptops, Security
UK Shopping
Amazon.co.uk, play.com, pixmania.co.uk, Currys.co.uk, Dixons.co.uk, 7dayshop.com, ebay.co.uk
US Shopping
Amazon.com, bestbuy.com, ebay.com

share Subscribe to RSS feeds email story save story print story pdf

Comments

(Will not be published)

  (Next time sign in to bypass captcha)

Latest in Hardware

Latest on Pocket-lint.com

About Pocket-lint

Pocket-lint is your one stop shop for gadgets, technology and consumer electronics, bringing you the low-down on the latest televisions, cameras, phones, GPS and much more. Whether it's learning about what's hot in the world of Apple, finding out about the latest home cinema kit from Samsung and Sony or merely seeing what not to buy, we have you covered. So check out our reviews, news, comment, hands-on photo galleries and videos. Enjoy.

Pocket-lint.com poll

Q. Do you still buy CDs?

Vote YES Vote NO

» LAST TIME
When asked Do you want the Droid by Motorola? 53% said yes and 47% said no

Top 10 Broadband

Compare 50+
broadband packages

Home Broadband »

Top products

tip us on news

Rss feed

Follow us on Twitter