A technique has been discovered that can compromise the security of hard disk encryption mechanisms thought to be invulnerable, according to Digital Trends on Friday. Appleis FileVault is affected.
The encryption key for the HDD is held in RAM while the computer is running. When the computer is shut down, that key is lost. The discovered technique depends on the fact that DRAM holds its data far longer than thought after power is terminated, especially if quickly cooled.
Princeton University researchers have found that by spraying very cold air from "canned air" used for dusting and cleaning small electronics, on the memory, they can prolong the data held in the memory, remove it, place it in another computer, and extract the encryption keys.
The exploit requires unrestricted access to the running computer, and may not be a scenario that most users need to worry about in every day use. However, the exploit is illuminating and may lead to new security policies by organizations in some instances. In any case, itis a good thing to know about.