Research Raises New Laptop Security Fear

Princeton has a new headache for data protection managers

March 8, 2008

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Not long ago, encryption was seen as the holy grail for data protection. But the bar has been raised, courtesy of researchers at Princeton University.

Scientists at the Ivy League college claim to have found a vulnerability in laptop encryption that adds to the many reasons why laptops feature prominently in high-profile data breaches.

Previously, it was thought that sensitive data, such as encryption keys, would only be held in a laptop's "volatile memory" for a brief period of time when the device is switched off. Not so, according to a BBC report.

"It was widely believed that when you cut the power to the computer that the information in the volatile memory would disappear, and what we found was that was not the case," said Princeton professor Edward Felten, in an interview with the BBC World Service's Digital Planet program.

Felten says a laptop needs to stay switched off for several minutes before it's taken into a risky situation where security could be compromised, such as a cafe or conference center. Otherwise, the encryption keys stay in volatile memory, open to exposure.And forget about "sleep mode." "The person will get the laptop, cut the power and then re-attach the power, and by doing that will get access to the contents of the memory, including the encryption keys," said Felten.

The FBI has already warned that a laptop is stolen every 53 seconds in the U.S. Princeton's findings add another element to the struggle to lock down data in an increasingly complex technology environment.

Now, how long will it take IT vendors to work this into their sales pitches? We'll see.

Read more about:

2008
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights