I would hardly call this a serious vulnerability, for the hacker to achieve this they have to get to my computer rip open the case and freeze the RAM chips minutes or seconds after I power down.
Kudos to them for finding it but does this really affect anyone?

I’m still skeptical. I tried to visualize this but something doesn’t add up. It’s not like freezing video tape and reading data. This is probably theoretical and if proven, I’d like to see it. Sure won’t believe it from just this website.

Nice post though!
-B.Frost

I’m sure that computer makers will solve this problem quickly. You only need to add a small amount of embedded RAM and make the program store it there. In fact (if the embedded memory is faster), a design like that could allow operating systems to manually cache repetitively used files for increased performance (opposed to the processor cache, which is hard coded). I don’t see why they shouldn’t implement that.

Okay, so the criminal breaks into my house just as I’m powering down, shoots me, and then magically opens my laptop to spray the RAM with freeze stuff, all before it gets wiped.

Sounds to me like he’d have better luck with a virus, and I run Linux.

ok ok people, its not like a hacker is going to break in right as you are powering down..ok? Also, most “hackers” are actually hackers, they are more like kids who think they are but aren’t…much like everyone who has posted before me. However, what is more likely is if you are like me you rarely turn off your pc, thats when they get you. We’ll say your in the shower and someone random guy who has read this post or just knows of it breaks in, they can then just start powering down your comp after opening the case, then freeze your chip and take it…simple eh?

This isnt something that everyday joe or jane needs to worry about. Think more on the homeland security and espionage levels. Draw your own conclusions.

like i always say, even if you have 10 levels of security, as long as it is tied to you. Whoever wants your info can just torture you until you give up the key.

No fancy freezing needed. meh.

i too highly doubt someone would be able to get into my house and crack my computer up a minute after i power down without me shooting kicking stabbing or just plain skull banging them to death. poiiiintlesss but its nice to kno the guys at princeton spend as much time with air in a can as i do

I think most of you are missing the point here. Think of keys for say, HD-DVD movies being stored by an app in memory. You could then possibly get at them through this. I agree, this method probably not really completely true / workable or even economically viable, but makes you think none the less.

Can of air my arse.

I’d like to see the can of compressed air that contained enough propellant to freeze your RAM like the picture above, without causing enough condensation to short between any circuitry.

I’m sorry, but as far as “vulnerabilities” go this is as out-there as they get. If a burglar has come far enough that he’s managed to nab my computer, pop open the case (which happens to be secured by the anal-though-not-insurmountable “chassis security switch”)FREEZE my RAM, that burglar is welcome to whatever binary data he can then read with his $100,000(,000)+ magnetic reader.

I have seen a movie where this was proved, just to clear things.

Second, this method can be used if you keep your laptop on hibernate or standby. It takes you roughly 30 seconds to do this, all you have to do is plug in an external USB Hdd, reboot the laptop, let the software run and there you go, you stole the information.

It’s not about stealing information from you as a desktop user or people stalking you to see when you power off your pc, it’s about you leaving you laptop unsupervised, that’s when it’s logical to use this method.

@Steeve:

Errr, the “Propellant” you’re referring to doesn’t exist. The air itself is liquid, in the can, and under pressure.

It also is quite cold, thus the “frostbite” warnings found on some brands of canned air.

And it doesn’t take much liquid air to freeze things. I’ve used it to chill electronics while chasing a thermal intermittent problem. The frost forms rather quickly.

The vulnerability is more likely useful in attacking the PINPads used in retail stores. They are designed to destroy their key data if tampered with. If the PINPad was frozen it may give the attacker a chance at reading the PIN encryption key. Only useful if they had previously recorded PINPad usage.

I agree with captain oblivious. Airport security has the legal right to confiscate and search computers at any time, without warrant. since i’m no lawyer, i can’t tell u the the name of the law, but it exists and is being lobbied against. in searching, they may do anything required to gain access into a computer, and RAM will definitely hold important information after shutdown. in fact, here’s a link i also stumbled which is rather relevant, if a lil’ paranoid: http://www.news.com/8301-13578_3-9892897-38.html?tag=nefd.lede

Good time and money that could have been spent curing AIDS perhaps?

“No we’ve found that retrieving lost encrypted DRAM was a much worse problem.”

“Good time and money that could have been spent curing AIDS perhaps?”

Amadeus that’s a good point..

I saw a video with a guy doing this hack by linking his laptop to the other with a lan cable, then running a program to extract the security keys from the frozen RAM on the Other laptop. It was a few weeks ago so I can’t find the link just now.

yes
good

I’ve done surface mount soldering before… it seems like (esp. with the dot grid type of chip in the picture) that freezing a chip mounted to a pc board and soldered (sometimes poorly) by a robot would cause the solder joints to fail. Maybe not?