Why disk encryption may not be enough

The researcher's software exploits the way in which critical encryption information is stored within a computer's RAM

Trusting the contents of your computer’s hard-drive to disk encryption tools may not be enough to keep prying eyes out should you become the victim of theft.

A team of researchers from Princetown University in the US has managed to engineer a piece of software that is able to extract the data encryption key from a computer’s RAM, even while the computer is asleep or when the user has logged-out. The team has even demonstrated how the attack can be used on the encrypted hard-drive of a recently shut-down computer.

The software exploits the way in which critical encryption information is stored within a computer’s RAM. While the popular myth is that all RAM data disappears as soon as a computer is shut down, the research team have been able to show that this is not actually the case and can be exploited.

It is true that RAM data does eventually disappear, but it's not immediate and takes a few minutes. This gives thieves a window of opportunity to access the data encryption key stored in a computer's RAM. The team also showed how by cooling the RAM thieves can actually prolong the data on it for up to ten minutes, long enough to hook it up to the necessary software.

The attack is said to work on any laptop, regardless of whether it runs on Windows, OS X or Linux. The attack can also be used to access password keystrokes stored in RAM allowing hackers to access a computer while logged-out or in sleep mode.

Of course, all of this information is unlikely to make the slightest bit of difference to average victim of a domestic burglary where the thieves are have-a-go opportunists, but could prove an interesting tool within the murky world of corporate and industrial espionage... if it doesn’t already.