Computer memory leaks a turn off

Aug 11, 2012

When you switch off your computer any passwords you used to login to web pages, your bank or other financial account evaporate into the digital ether, right? Not so fast! Researchers in Greece have discovered a security loophole that exploits the way computer memory works and could be used to harvest passwords and other sensitive data from a PC even if it is in standby mode.

Writing in a forthcoming issue of the International Journal of and Digital Forensics, Christos Georgiadis of the University of Macedonia in Thessaloniki and colleagues Stavroula Karayianni and Vasilios Katos at the Democritus University of Thrace in Xanthi explain how their discovery could be used by information specialists in for retrieving incriminating evidence from computers as well as exploited by criminals to obtain personal data and bank details.

The researchers point out that most users assume that switching off their machine removes any data held in (RAM), this type of fast memory is used by the computer to temporarily hold data currently used by a given application. RAM is often referred to as , because anything contained in RAM is considered lost when a computer is switched off. Indeed, all data is lost from RAM when the power supply is disconnected; so it is volatile in this context.

However, Georgiadis and colleagues have now shown that data held in RAM is not lost if the computer is switched off but the mains not interrupted. They suggest that forensics experts and criminals might thus be able to access data from the most recently used applications. They point out that starting a new memory-intensive application will overwrite data in RAM while a computer is being used, but simply powering off the machine leaves users vulnerable in terms of security and privacy.

"The need to capture and analyse the RAM contents of a suspect PC grows constantly as remote and distributed applications have become popular, and RAM is an important source of evidence," the team explains, as it can contain telltale traces of networks accessed and the unencrypted forms of passwords sent to login boxes and online forms.

The team tested their approach to retrieving data from RAM after a computer had been switched off following a general and common usage scenario involving accessing Facebook, Gmail, Microsoft Network (MSN) and Skype. They carried out dumps immediately after switch off at 5, 15 and 60 minutes. They then used well-known forensic repair tools to piece together the various fragments of data retrieved from the memory dumps.

The team was able to reconstruct login details from the memory dumps for several popular services being used in the Firefox web browser including Google Mail (GMail), Facebook, Hotmail, and the WinRar file compression application. "We can conclude that volatile memory loses data under certain conditions and in a forensic investigation such memory can be a valuable source of evidence," the team says.

Explore further: Computer scientists can predict the price of Bitcoin

More information: "A framework for password harvesting from volatile memory" in Int. J. Electronic Security and Digital Forensics, 2012, 4, 154-163.

add to favorites email to friend print save as pdf

Related Stories

Upgrading RAM is a simple process

Sep 11, 2009

Question: I'm in the market for a new laptop, and I want to be sure it has four gigabytes of RAM. My friends tell me to buy the cheapest configuration and upgrade the RAM myself. How hard is it to upgrade RAM in a computer?

Recommended for you

Report: Better shields needed for private tax data

27 minutes ago

Federal investigators say the IRS and the states should improve how they protect the security of confidential tax information of people getting benefits under the 2010 health care law.

Some online shoppers pay more than others, study shows

55 minutes ago

Internet users regularly receive all kinds of personalized content, from Google search results to product recommendations on Amazon. This is thanks to the complex algorithms that produce results based on users' profiles and ...

Comcast wins more Internet customers, ad sales up

2 hours ago

Comcast Corp.'s third-quarter net income jumped 50 percent in the third quarter, helped by a one-time tax settlement, growth in Internet subscribers and fewer defectors from its cable service.

Christian Bale to play Apple's Steve Jobs

2 hours ago

Oscar-winner Christian Bale—best known for his star turn as Batman in the blockbuster "Dark Knight" films—will play Apple co-founder Steve Jobs in an upcoming biopic.

Netflix to stream new online TV series, 'Bloodline'

2 hours ago

Fresh from commercial and critical success with hit shows "House of Cards" and "Orange is the New Black," Netflix on Thursday announced a new online series, "Bloodline," set for release in March.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

Laptop Repair Data
Aug 11, 2012
This comment has been removed by a moderator.
Daxwax
Aug 11, 2012
This comment has been removed by a moderator.
M_N
1 / 5 (2) Aug 12, 2012
Not sure how this is news - this type of vulnerability has been known for some time (look up "cold boot attack"). People have even used liquid nitrogen to retain useful data on DRAM for up to a week without refresh...
Osiris1
1 / 5 (1) Aug 13, 2012
Ok, keep all your cpu and peripherals on a zip strip with a switch. When you turn off the pooter, turn off the hard switch on it too. then turn off ALL the peripherals. then turn off the zip strip, unplug it and put a jumper across the ends of the plug