• Hybrid attack can extract data from inert RAM

    #2003135

    LANGALIST By Fred Langa It sounds impossible, but data can be recovered from RAM chips — even after they’ve been removed from a PC. Specialized attack
    [See the full post at: Hybrid attack can extract data from inert RAM]

    2 users thanked author for this post.
    • #2003150

      I knew there had to be an advantage to my laptop’s soldered-on RAM!

      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
      XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
      Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

    • #2003186

      … some outfits have used the RAM removal trick for debugging. Data on those chips degrades slower if kept cold, so they sometimes used ice packs too…

    • #2003619

      LANGALIST By Fred Langa It sounds impossible, but data can be recovered from RAM chips — even after they’ve been removed from a PC. Specialized attack
      [See the full post at: Hybrid attack can extract data from inert RAM]

      Right, you don’t need a “new Snowden” now to reveal this….
      For quite a number of years this knowledge was already used to protect the “goodies” when switching off power quite some time before leaving. On the other hand, special forces tend to freeze puters of the bad guys when they have the chance.
      Nice to know when you have an ice cream.

      * _ ... _ *
    • #2003735

      It says in Fred Langa’s article that, to the criminals specializing in this sort of thing, home PCs are not worth all the trouble it takes to extract the data slowly evaporating from the DRAM chips after the computer is turned off. So, as my computer is not worth it, I don’t have to expect to be attacked, in dead of night, by announced ninja assassins throwing shuriken (a.k.a. death stars) at me and carrying liquid nitrogen canisters to spray it all over my computer’s motherboard. That’s nice to know. Right?

      Right?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      1 user thanked author for this post.
    • #2003839

      It says in Fred Langa’s article that, to the criminals specializing in this sort of thing, home PCs are not worth all the trouble it takes to extract the data slowly evaporating from the DRAM chips after the computer is turned off. So, as my computer is not worth it, I don’t have to expect to be attacked, in dead of night, by announced ninja assassins throwing shuriken (a.k.a. death stars) at me and carrying liquid nitrogen canisters to spray it all over my computer’s motherboard. That’s nice to know. Right?

      Right?

      OscarCP: That’s nice to know, you are one of the good guys then!
      Apparently, ME making a reply to you is a reason to polish that of this board … so, I am one of the bad guys then; the price of knowing [very near to the source and sharing here now] that this technique is being used for a very long time.

      * _ ... _ *
      • #2004342

        Fred: You are definitively a good guy. But I’ve noticed that you did not vaccinate your comment with something directly relevant to the topic under discussion. While it is not a given here that vaccines will always take, or, contrariwise, prove necessary after the fact, nevertheless I think it is better than not to be vaccinated.

        You and others have certainly added information in this thread, with your previous comments on an intriguing topic.

        For example, to me it has been a surprise to learn here that the information in DRAM memory can be read off long after the power is switched off — after all, the “D” in ‘DRAM’ stands for “Dynamic”. Meaning that the electrons stored in tiny capacitors, forming a binary pattern of charge levels corresponding to “ones” and “zeroes” inside the chip, are being refreshed periodically (and very quickly, at a rate of once every 64 milliseconds or less) to keep them charged and maintaining that pattern and the information it represents. If the power is turned off, then this stops and the memory of the information previously stored then should also vanish very quickly, or so I had thought, as those capacitors discharge. So, now I know, while they do discharge when the power is off, it is not all that fast. And cooling the chip slows down the discharge further, mainly (I imagine) by increasing the leakage path’s resistance, thus keeping the information available to be picked up, with suitable tools, for a longer time.

        https://en.wikipedia.org/wiki/Dynamic_random-access_memory

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2005058

      Maybe what is needed is a firmware (UEFI) routine to rewrite RAM when shutting down.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
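
A standardized relative of the idea in the last reply exists: the TCG Platform Reset Attack Mitigation specification defines a UEFI variable, MemoryOverwriteRequestControl, whose bit 0 asks the firmware to clear RAM on the next boot before it hands control to a boot loader. The following is an added example, not part of the thread: it decodes that variable as Linux efivarfs exposes it, and the helper names and sample blobs are constructed for illustration.

```python
import struct
from pathlib import Path

# Variable name and GUID from the TCG Platform Reset Attack Mitigation spec;
# the directory is where Linux efivarfs exposes UEFI variables.
MOR_PATH = Path("/sys/firmware/efi/efivars/"
                "MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829")

MOR_CLEAR_MEMORY = 0x01        # bit 0: firmware must wipe RAM on the next boot
MOR_DISABLE_AUTODETECT = 0x10  # bit 4: firmware must not auto-detect a clean shutdown


def parse_mor(raw: bytes) -> dict:
    """Decode an efivarfs blob: 4-byte little-endian attributes, then 1 data byte."""
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes (attributes + 1 data byte), got {len(raw)}")
    attrs, value = struct.unpack("<IB", raw)
    return {
        "attributes": attrs,
        "clear_memory": bool(value & MOR_CLEAR_MEMORY),
        "disable_auto_detect": bool(value & MOR_DISABLE_AUTODETECT),
    }


def read_mor(path: Path = MOR_PATH):
    """Return the decoded variable, or None when the firmware does not expose it
    (legacy BIOS boot, efivarfs not mounted, or no MOR support)."""
    if not path.exists():
        return None
    return parse_mor(path.read_bytes())


def assess(state) -> str:
    """Summarise what a reset would do to the contents of RAM."""
    if state is None:
        return "MOR not available: RAM contents may survive a reset"
    if state["clear_memory"]:
        return "MOR armed: firmware will overwrite RAM on next boot"
    return "MOR present but not armed"


if __name__ == "__main__":
    # Constructed sample blobs (attributes 0x7 = NV | BS | RT), not captured data.
    for blob in (b"\x07\x00\x00\x00\x01", b"\x07\x00\x00\x00\x00"):
        print(blob.hex(), "->", assess(parse_mor(blob)))
    print("this machine ->", assess(read_mor()))
```

The wipe this variable requests runs at the next power-on, so it addresses the reboot-into-another-OS case; it does not help once the modules have been pulled out of the machine.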