2012 resolution: Encrypt the whole disk on all of your computers

The EFF has advocated for full disk encryption of all computers as a simple resolution for 2012

The increasing use of laptops, netbooks and tablets coupled with a growing tendency to put sensitive personal and corporate data on computers that are easily and frequently lost or stolen has prompted EFF to urge all users to encrypt all of their computers: not just individual files or emails, but the whole disk.

“Without encryption,” stated the EFF, “forensic software can easily be used to bypass an account password and read all the files on your computer.” Best of all, EFF said, disk encryption is free.

The organization particularly recommends Microsoft’s BitLocker (where available) and the open-source TrueCrypt. Mac OS X Lion and many Linux distributions have full disk encryption built into the operating system. But a potential danger in the use of encryption is over-confidence on the part of the user. While strong encryption itself is, for practical purposes, unbreakable, there are ways around it that must also be guarded against. Some of these are highlighted in EFF’s related whitepaper, Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices.

The most obvious weakness is the loss or theft of a written-down passphrase controlling the encryption. The second is spyware that infects the computer while it is in use, logs the passphrase as it is typed, and sends it back to the attacker. But there are two further, physical attacks that need to be prevented. The first is known as a cold boot attack. A computer that is merely in ‘sleep’ mode can be powered down and immediately powered up again, and the encryption keys remain in DRAM long enough (longer still if the memory is kept cold) to be forensically recovered. EFF’s solution is to keep the computer completely powered down when not in use. This ensures that the contents of DRAM are lost, but it does not protect against a machine snatched while it is running.
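The two defensive points above for Linux machines, that the root filesystem should live on an encrypted container and that the laptop should not simply suspend (leaving keys in DRAM) when the lid closes, can be audited from a short script. The following is an added example written for this article, not code from EFF or from any of the products named; it assumes a Linux host with util-linux (`lsblk -J`) and systemd-logind, and the two sample `lsblk` trees and `logind.conf` fragments are constructed so that the checks can be exercised offline.

```python
"""Audit two cold-boot-related settings on a Linux laptop (added example):
1. Is the filesystem mounted at '/' stacked on a dm-crypt (LUKS) mapping?
2. Does closing the lid power off or hibernate, rather than suspend to RAM?
"""
import json
import shutil
import subprocess

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT`: root and swap are
# LVM volumes inside a LUKS container, so the root filesystem counts as encrypted.
SAMPLE_ENCRYPTED = {
    "blockdevices": [
        {"name": "sda", "type": "disk", "mountpoint": None, "children": [
            {"name": "sda1", "type": "part", "mountpoint": "/boot"},
            {"name": "sda2", "type": "part", "mountpoint": None, "children": [
                {"name": "luks-root", "type": "crypt", "mountpoint": None, "children": [
                    {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
                    {"name": "vg-swap", "type": "lvm", "mountpoint": "[SWAP]"},
                ]},
            ]},
        ]},
    ]
}

# Constructed sample where '/' sits directly on a plain partition: not encrypted.
SAMPLE_PLAIN = {
    "blockdevices": [
        {"name": "sda", "type": "disk", "mountpoint": None, "children": [
            {"name": "sda1", "type": "part", "mountpoint": "/boot"},
            {"name": "sda2", "type": "part", "mountpoint": "/"},
        ]},
    ]
}

# Constructed logind.conf fragments. The first leaves systemd's documented
# default (suspend) in place; the second hibernates, so DRAM is powered off.
SAMPLE_LOGIND_DEFAULT = "[Login]\n#HandleLidSwitch=suspend\n"
SAMPLE_LOGIND_HARDENED = (
    "[Login]\nHandleLidSwitch=hibernate\nHandleLidSwitchExternalPower=hibernate\n"
)

# Lid actions after which the encryption keys are no longer held in RAM.
SAFE_LID_ACTIONS = {"poweroff", "hibernate", "kexec", "halt"}


def _find_chain(devices, mountpoint, trail=()):
    """Return the tuple of device types from the disk down to `mountpoint`, or None."""
    for dev in devices:
        here = trail + (dev.get("type"),)
        if dev.get("mountpoint") == mountpoint:
            return here
        found = _find_chain(dev.get("children", []), mountpoint, here)
        if found:
            return found
    return None


def root_is_encrypted(lsblk_json):
    """True when '/' is mounted on, or beneath, a dm-crypt ('crypt') mapping."""
    chain = _find_chain(lsblk_json["blockdevices"], "/")
    return chain is not None and "crypt" in chain


def lid_switch_leaves_keys_in_ram(logind_conf_text):
    """True when HandleLidSwitch resolves to an action that keeps DRAM powered.

    systemd's default when the key is absent or commented out is 'suspend', and
    'suspend-then-hibernate', 'lock' and 'ignore' also leave the keys resident.
    Only the main file is parsed here; logind.conf.d drop-ins are not read.
    """
    action = "suspend"
    for raw in logind_conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "HandleLidSwitch":
            action = value.strip().lower()
    return action not in SAFE_LID_ACTIONS


def audit_live():
    """Run both checks against this machine; skips gracefully if tools are absent."""
    if shutil.which("lsblk"):
        out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
                             capture_output=True, text=True, check=True).stdout
        print("root filesystem encrypted:", root_is_encrypted(json.loads(out)))
    try:
        with open("/etc/systemd/logind.conf") as fh:
            print("lid switch leaves keys in RAM:", lid_switch_leaves_keys_in_ram(fh.read()))
    except OSError:
        print("/etc/systemd/logind.conf not found; skipping lid-switch check")


if __name__ == "__main__":
    audit_live()
```

Hibernation only removes the cold boot exposure if the swap device the memory image is written to is itself inside the encrypted container, as in the first sample tree; hibernating to an unencrypted swap partition would write the keys to disk in the clear.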

The second threat is the ‘Evil Maid’ attack developed by Joanna Rutkowska. “Now, this is where our Evil Maid stick comes into play,” she wrote. “All the attacker needs to do is to sneak into the user’s hotel room and boot the laptop from the Evil Maid USB Stick. After some 1–2 minutes, the target laptop’s [SIC] gets infected with Evil Maid Sniffer that will record the disk encryption passphrase when the user enters it next time.” The passphrase is then recovered on a second visit by the evil maid, or transmitted out to the attacker.

“Full disk encryption is one of the most important steps you can take to protect the privacy of your data,” the EFF said. “If you haven't done it yet, resolve to encrypt in 2012.” But be aware of the threats that can still come in round the side.
