Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Startup offers solution to “cold boot” hack

A startup vendor of security software says it has a solution to the so-called "cold boot" encryption vulnerability uncovered by a team of Princeton researchers in February.

According to the vendor, HyBlue, its IceLock technology overcomes the cold boot flaw, which allows hackers to steal encryption keys from dynamic RAM (DRAM) memory in laptops that have been recently powered down. According to the Princeton team that made the discovery, the cold boot hack requires attackers to cool a computer's memory to -58 degrees Fahrenheit (-50 degrees Celsius). That essentially "freezes" the contents of the DRAM in memory and gives attackers as long as 10 minutes to examine the DRAM's contents, including cryptographic keys used with disk-encryption products.

The cold-boot process destroys the long-held assumption that the contents of DRAM are automatically erased when the system is powered down, Michael Santarcangelo, founder and chief security catalyst of consultancy Security Catalyst, told

"It seems the chips actually store enough power to maintain things in memory, sometimes for as much as a minute," he said.

This flaw gives attackers their opening. For the hack to succeed, however, the computer must be running or in standby mode. The attacker could then turn the computer off for a second or two, freeze the chips, then reboot the system from a portable hard disk, which contains tools capable of examining the DRAM chips' contents.

Although it should be on their radar, enterprise security professionals should not lose sleep over the cold-boot hack, Santarcangelo said.

"How practical a concern is it today?" he said. "How many people are walking around with compressed nitrogen?" which is necessary to cool the DRAM chips to the required temperature.

Still, it changes the way enterprise security professionals should look at disk encryption, Santarcangelo said.

"It's a real deal and enterprise security professionals should ask their encryption vendors how they'll parry this," he said. "If [vendors] don't have an answer, they're not a good choice.

"If [enterprises] haven't deployed encryption yet, I'd add it to my list of things to get done in 2008," he said. "The cold-boot question is one I'd want to discuss with my vendor."

Santarcangelo called HyBlue's IceLock technology "kind of neat." According to the company, IceLock, which is offered as via the software-as-a-service (SaaS) model, automatically deletes encryption keys from memory and overwrites them with random data whenever a state change takes place -- that is, actions such as the loading of a screen saver, hibernation, or when the user logs or powers the laptop off.

By offering the process as an SaaS, HyBlue is extending the management of hard disk encryption beyond large enterprises down to the small- and medium-sized business (SMB), Santarcangelo said.

"I don't know many SMBs who've undertaken hard disk encryption because of the costs and management," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.