A group led by a US computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover.
The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip.
Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer’s electrical power is shut off, the data, including the keys, is supposed to disappear.
In a paper that was published last week on the Web site of Princeton’s Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.
