macnn/electronista

02/22/2008, 10:10am, EST

Friday, February 22nd

FileVault vulnerable to RAM hack

Apple's FileVault is among the encryption technologies that may expose their secrets in RAM, suggests a paper produced at Princeton University. Through several experiments, computer scientists at Princeton discovered that many computers leave encryption data in RAM during two vulnerable states: powering down, and rebooting. While accessing data after power-down requires super-cooling the RAM and transferring it to another machine for examination, the reboot phase may be more easily exploitable.

During this phase, Princeton researchers were able to use small kernel files to help salvage memory and dump it to permanent storage, in some cases using USB drives, or a netboot infrastructure. From there it was possible to extract temporary decryption information, compensating for errors by relying on some of the common behaviors of encryption software.

Aside from FileVault, other encryption formats that were cracked included TrueCrypt, dm-crypt, and Windows Vista's BitLocker. Researchers managed to crack and mount a BitLocker volume in 25 minutes; FileVault did not fare much better, however, as it was not only broken but also revealed multiple copies of the login password.

At present, no easy fix for the vulnerability is available. In fact, it is suggested that computers will need either new hardware or a radically different encryption scheme, and even these might merely make an attack more difficult.


Filed under: security
Other story tags: Mac OS X, Windows, Vista, FileVault, BitLocker

15 comments
so for the avrg person...
0
02/22, 10:32am, EST
what does this mean? Oh, if you have an easy password and your machine gets stolen, even if you have your files locked under file vault, some of it may be read. Of course if you were smart enough not to make your password (or the root password) obvious, then this is a non-issue. They don't have access to the files- just a machine in need of a disk wipe and os reinstall.

To the business that might leave access to its machines open to the public, it may again be an issue if passwords are compromised.

For the time being, especially without any researchers' applied vulnerabilities statements (from a 3rd party, not a security bloatware vendor), this story is just a FUD monger.
Fresh-Faced Recruit
Joined Dec 2005
problem solved!
1
02/22, 10:37am, EST
all we need are ram cards with acid pellets. If you attempt to remove a card without a proper shut down then the card will dissolve. Like in Mission Impossible :-)
dnviento
0
02/22, 10:46am, EST
This has nothing to do with how good or bad your password is (how hard it is to guess). You should read the article.

These researchers have demonstrated that by chilling the RAM chips in a system they can preserve the contents of data in the RAM chip long enough to boot up the system with a special kernel that can save off the data.

This is nothing really specific to FileVault, Mac OS X, Windows, etc. It is simply exploiting an assumption that most vendors make in that information in RAM will be lost across power cycles.
Fresh-Faced Recruit
Joined Nov 2000
avg person
0
02/22, 10:50am, EST
while I agree that the average person is not vulnerable to this kind of attack - you'd have to be one seriously motivated hacker to bother with this - I would disagree that this is mere FUD. This is the kind of serious security research which leads (hopefully) to more secure computing. Even though it's an obscure hack, it's always good to know a system's vulnerabilities so that they can be eliminated or minimized in the future.

As an additional note, most security systems - whether computer-related or as mundane as the lock on your front door or the alarm system on your house - can be defeated in some manner. It's usually a question of the degree of difficulty, with the goal being to make breaking in so inconvenient that it will deter most crooks/hackers and motivate the really, really determined and capable ones to go find easier targets.
Fresh-Faced Recruit
Joined Sep 2001
secure virtual memory
0
02/22, 11:03am, EST
Does anyone know if using secure virtual memory (an option not on by default) defends against this attack?
das
secure virtual memory: no
0
02/22, 11:16am, EST
No, this has nothing to do with virtual memory. Virtual memory is on-disk, and is subject to a different kind of attack. This is an attack on RAM, and it is EXTREMELY obscure and requires cooling the RAM by spraying it with a coolant, removing it from the machine, and placing it in another machine with custom software designed to read the contents of the RAM in the hopes that an encryption key can be recovered. ALL encryption on ALL hardware, platforms, and operating systems is vulnerable...not just "FileVault".

There is one simple and easy fix if you are that concerned about this kind of attack: when your machine is not in use, shut it down instead of putting it in sleep/standby mode. The contents of RAM are (more likely to be) lost, and the encryption key is thus not recoverable.

So no, this isn't "FUD", but this is a very difficult and obscure attack that would have to really be targeted at an individual, and is the stuff of government and industrial espionage, not someone getting their laptop bag stolen. Fixing this shortcoming would require a lot of changes in terms of assumptions made about RAM states and so on. It's an interesting discovery, and definitely could have important implications for extremely critical and sensitive data that may be actively targeted by an adversary. But for the normal encryption user, this is, in all practical and real respects, meaningless.
Fresh-Faced Recruit
Joined Jan 2001
re: svm: no
0
02/22, 11:52am, EST
ALL encryption on ALL hardware, platforms, and operating systems is vulnerable...not just "FileVault".

Not necessarily. The point of secure VM is that it encrypts the memory data before writing it to disk. It all depends on how the encryption information used in an encryption system is stored in memory. If it is dealt with "correctly", it would be expunged from memory after it is used (or at shutdown), being overwritten and all that stuff. Only those who leave it in memory would be affected (which probably is everybody).

There is one simple and easy fix if you are that concerned about this kind of attack: when your machine is not in use, shut it down instead of putting it in sleep/standby mode. The contents of RAM are (more likely to be) lost, and the encryption key is thus not recoverable.

Based on what I've read, that's not true. (That's like saying wiping a drive with all zeroes makes the data unrecoverable).
Fresh-Faced Recruit
Joined Aug 2001
physical security
0
02/22, 11:53am, EST
Any computer that contains data valuable enough to make it worth going through all that trouble should also be in a physically secure location. This technique requires that I'm logged into my FileVault account while leaving my computer in a location that someone has the time to chill the RAM to -50 deg and quickly transfer it to another machine to try and read the data. And the option to read the RAM in place requires that they've installed kernel files, suggesting that your machine has already been compromised anyway.
Fresh-Faced Recruit
Joined Mar 1999
very unlikely
0
02/22, 11:59am, EST
There are so many hack methods that require less work and provide better results... Supercooling the memory beyond scientific research is just wasting your resources.
Fresh-Faced Recruit
Joined Jan 2006
Hey, I saw that movie
0
02/22, 12:01pm, EST
Yea, they were looking down from a satellite and saw you type in your password and then they send agents to kidnap your computer by gassing a city block with stolen nerve gas.

Or like the time they used infrared to take a picture of the keyboard used to enter a password to the vault (why not a key pad, I do not know ??) to see which numbers were entered and then break into the vault.

Yea, I like those kinds of shows where it only takes 2 million in technology and talent to steal 1 million in cash (which gets cut to $500,000 since it's stolen money and needs to be fenced. :-) )

en
Fresh-Faced Recruit
Joined Sep 2007