Tuesday, February 26, 2008

Engineering Blunder Compromises Computer Security

It is well known that data stored in RAM is lost when the power is turned off. But unfortunately it was not well known how long it takes the RAM to be completely erased by power loss. A Princeton University study was able to read security keys out of memory from computers even after a reboot. You need to have physical access to a powered computer to attack in this way, but laptops that are locked or in sleep mode are vulnerable if stolen or left unattended.

There was no mention of the implication for embedded systems, but it is obvious that cell phones and PDA security needs to be re-evaluated. The embedded space may be ahead of the curve with security technology like ARM's TrustZone already available.

1 comment:

Paras said...

I'll be sure to boil my RAM before leaving it unattended again.