Experton Group is the leading fully integrated research, advisory and consulting company for mid-sized and large organizations, maximizing the business value of their ICT investments through innovative, neutral and independent expert advice.

Experton Group offers consulting services, market surveys, conferences, seminars and publications related to information and communications technology issues.

Our consulting portfolio includes technology, business processes, management and business cooperations, investments and mergers.

25.02.2008

Vulnerabilities Shown with Encryption Technologies


Researchers have shown that disk encryption and encrypted Global System for Mobile Communications (GSM) are both subject to relatively straightforward hacks. In other news, Phoenix Technologies Ltd. and Seagate Technology LLC announced they were working together to improve mobile personal computer (PC) security.

Focal Points:

  • Researchers from the Electronic Frontier Foundation, working with Princeton University, uncovered a fundamental flaw in disk encryption that can render a system completely unprotected when an intruder has direct access to the system. Attackers are able to take advantage of the fact that designers have the encryption key stored in the computer's random access memory (RAM). Information stored in RAM remains there even when the computer is turned off. This gives hackers the ability to collect information from RAM when the machine is turned on again. Systems that the researchers successfully hacked in this way include Apple, Inc.'s FileVault, Microsoft Corp.'s BitLocker, TrueCrypt Foundation's encryption technology and dm-crypt. Full results are available in a paper entitled "Lest We Remember: Cold Boot Attacks on Encryption Keys", which can be found at EFF's Web site. Researchers suspect other systems are vulnerable as well, since most of them employ the same architectural principle for disk encryption.
  • Researchers from Black Hat recently announced that they had discovered a simple way to break GSM encryption. The researchers assembled two terabytes of disk and a field programmable gate array (FPGA) to break GSM's A5/1 encryption. They were able to hack into voice calls and SMS messages in 30 minutes. They believe that if more FPGAs were put to the attack, GSM encryption could be broken even faster. An additional exposure to GSM encryption is that the networks reuse the same key, so once it is broken, other calls and messages are accessible.
  • Officials from Phoenix and Seagate recently announced that they were working together to improve PC security. The agreement calls for Phoenix's FailSafe service and SecureCore firmware to be integrated with Seagate Secure technology. The companies predict that this partnership will make it easier for original equipment manufacturers (OEMs) to develop more secure laptops more quickly. The combined technology will force users to verify their identity before the hard drive will unlock and allow the computer to boot.

Experton Group believes hackers will rapidly learn to exploit the new hard drive encryption breaking process, since the method of obtaining data is easy and the technique is straightforward to employ. In response to this, it is very likely that vendors will move quickly to modify the basic architecture that is currently used to perform disk encryption. However, the exposure to existing laptops is real and end users will have to redouble their efforts to physically protect laptops from theft. While the same process could apply to desktops, it is far more likely to be exploited with laptop computers. IT executives should be aware of the issue and press security vendors to rapidly fix this vulnerability.

Press

Contact

Suzette Heydenreich

Tel.: +971 4 360 8699
Fax: +971 4 361 5699

suzette.heydenreich@experton-group.com