|
|
|
|
The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access memory (Dram) chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When a computer's electrical power is shut off, the data, including the keys, is supposed to disappear. In a technical paper that was published on the website of Princeton's Centre for Information Technology Policy, the group demonstrated that standard memory chips actually lose their data seconds or even minutes after power is cut off. When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys - actually long strings of ones and zeros - out of the chips' memory. 'Cool the chips in liquid nitrogen (-196 deg C) and they hold their state for hours at least, without any power,' wrote Princeton computer scientist Edward Felten in a Web posting. 'Just put the chips back into a machine and you can read out their contents.' The researchers used special pattern-recognition software they had written to identify security keys among the millions or even billions of pieces of data on the memory chip. 'We think this is pretty serious, to the extent people are relying on file protection,' Professor Felten said. The team, which includes five graduate students led by Prof Felten and three independent technical experts, said that it did not know if such an attack ability would compromise government computer information because details of how classified computer data is protected are not publicly available. Officials at the United States Department of Homeland Security, which paid for a portion of the research, did not return repeated calls for comment. The researchers also said they had not explored disk encryption protection systems that are now built into some commercial disk drives. But they noted that they had proved that so-called Trusted Computing hardware, an industry standard approach that has been heralded as significantly increasing the security of modern personal computers, does not appear to stop the potential attacks. A number of computer security experts said the research results were an indication that assertions of robust computer security should be regarded with caution. 'This is just another example of how things aren't quite what they seem when people tell you things are secure,' said Mr Peter Neumann, a security researcher at SRI International in Menlo Park, California. The researchers wrote that they were able to compromise encrypted information stored using special utilities in the Windows, Macintosh and Linux operating systems. 'The software world tends not to think about these issues,' said Professor Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. 'We tend to make assumptions about the hardware. When we find out that those assumptions are wrong, we're in trouble.' NEW YORK TIMES
| ||||||||||||||||||||||||||||||
 |
||||||||||
|
||||||||||
 |
||||||||||
|
||||
|
||||
|
||||
|
||||
|
|
