The same group of researchers who published a paper last February detailing how their team hacked into and recovered data from a group of supposedly secure laptops has now released the source code to the programs they used in their "cold boot" experiment. Such software could be useful to any law enforcement agency looking to take advantage of the group's research, as well as to any security vendor attempting to plug the hole.

We covered the initial announcement of the exploit in some detail back in February, but I'll summarize it here. Contrary to popular belief, the data stored within a computer's RAM chips is not immediately lost when the system powers down, but instead fades slowly over a period of seconds. This dissipation period can be substantially extended by cooling the DIMMs—repeatedly spraying the DIMMs with inverted cans of air resulted in just one percent of data degrading after 10 minutes.

The team demonstrated that it was possible to remove a DIMM from one computer, transport it to a second unit, boot that unit using a specially designed microkernel, and then dump all data on the RAM chip to physical disk. The amount of bad (decayed) data depended on both the time a DIMM spent unpowered and the temperature at which it was kept, but the group was able to successfully reconstruct 128-bit AES encryption keys within seconds, even if 10 percent of the key had already decayed out of memory.

The team's paper notes several ways the danger from this type of attack might be mitigated, but there appears to be no simple remedy at this time. The nature of the attack requires physical access to the system in question, but the growing popularity of laptops makes that requirement less of an obstacle than it might otherwise be. Once physical access has been obtained, the hack itself can be performed in mere minutes.