A group at Princeton University has found an exploit in common computer hardware that allows them to break codes and retrieve the encrypted data stored on the computers hard disks. The process at its most extreme involves direct access to the computer using a can of compressed air held upside down to freeze the DRAM chip(s) to access the encryption key stored in memory.

When stored data is encrypted, the software usually will use a key to encode and decode the data. That key is most often created and stored into a computer’s memory after a user logs into the computer with a password. According to the researchers, a common misconception is that once the computer is turned off, the DRAM memory disappears and so does the encryption key. In their studies, partially funded by the Dept. of Homeland Security, they found that data is actually retained in the computers memory for many seconds or sometimes even minutes after the computer is turned off. They also found that by freezing the memory chips with liquid nitrogen found in a common can of air for removing dust, they could get the data to remain in memory easily for as long as ten minutes, and often longer.

When the encryption key is “frozen in time”, the researchers had plenty of time to actually remove it and place it in another computer. They could then use their own software to read the stored data, find the encryption key and then hack the data on the target computer without ever needed to know the password.

In some cases the freezing techniques was not even necessary. The group could connect an external drive via USB and reboot the computer. When the computer shut down it would retain the data in memory long enough for the computer to start again. When it started it would boot to the external drive which contained hacking software to read the existing DRAM memory and obtain the encryption key.

You can see a video below explaining the techniques and vulnerabilities of different systems, or read the full research paper.

Cold Boot via NYT