May Contain Blueberries

the sometimes journal of Jeremy Beker

[Image: Bombe detail by Garrettc, on Flickr]

CNET and others have been running stories lately about a new feature of a product called Passware Kit Forensic 11.3, which can now recover the encryption keys from Apple’s FileVault 2 Full Hard Drive Encryption software. While the articles themselves have done a balanced job of describing the risks, it frustrates me that novices reading the headlines may misunderstand the risks.

Full Hard Drive Encryption, when used properly, is extremely effective at protecting your data. Research has shown that it is becoming a challenge for law enforcement (“Research team finds disk encryption foils law enforcement efforts”) and that the only avenue to recover data is to compel the owner to divulge their encryption key. This is becoming an area of law in the United States with regard to 5th Amendment protections. (“Prosecutors Demand Laptop Password in Violation of Fifth Amendment”; “Take the 5th? Not With Encrypted Hard Drives, Says Fed Judge”; and “Does the Fifth Amendment Protect Your Encryption Key?” provide some information on the topic.) This will be an interesting intersection of technology and law in the coming years. You can see the beginnings of this showing up in the recent Supreme Court case United States v. Jones, which I talked about recently.

Back to Full Hard Drive Encryption. Memory attacks like those used by the Passware software are nothing new. FireWire is designed to allow direct memory access. I doubt the authors imagined it being used in this way, but the “law of unintended consequences” certainly applies here. More information on this topic can be found in this very informative article: “Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation”.

The lesson to be learned here is that when using security software (or any security product), it is critical that you understand the security tool and what it can and, most importantly, can’t protect against.