Cold boot encryption-bypassing source code published

Source code is now available for utilities that can bypass programs like Microsoft's BitLocker and Apple's FileVault in some circumstances.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

A team of computer scientists has published source code that can in some circumstances bypass encryption used in Microsoft's BitLocker and Apple's FileVault and be used to view the contents of supposedly secure files.

We reported in February on their research, which describes how the contents of a computer's memory could be dumped to a hard drive and the encryption keys forcibly extracted.

The source code includes tools for imaging the target computer's memory through USB and Netboot, and analyzing the memory image to extract AES and RSA encryption keys, even if they're partially degraded. It was published to coincide with the Last HOPE hacker conference over the weekend in New York, where research team member Jacob Appelbaum gave a presentation.

This collection of utilities will be of special interest to security researchers and computer forensics specialists working for law enforcement or police. (A Justice Department conference that starts Monday, for instance, includes two panels on computer forensics.) It allows police to seize a computer that has an encrypted volume mounted and that may be asleep or locked with a screensaver, plug in a UPS, and eventually extract its memory and encryption keys.

If you're worried about this threat or the possibility of nosy border guards rummaging through your files, unmount your encrypted volumes when you're not using them or, better yet, completely power down your computer.

As more people use encryption--FileVault is built into all recent versions of OS X--finding ways to respond to it will become more of a challenge for law enforcement. In December, a federal judge ruled a man charged with transporting illegal images could not be forced to turn over his PGP pass phrase.