"Robot Can Rip the Data Out of RAM Chips With Chilling Technology"

Cold boot attacks, in which memory chips are cooled and data, including encryption keys, are stolen, were first demonstrated in 2008. The original attack has been improved and automated in the form of a memory-stealing machine that costs about $2,000. At the REcon reverse engineering conference in Canada, Ang Cui, the founder and CEO of Red Balloon Security, gave a presentation titled "Ice Ice Baby: Coppin' RAM With DIY Cryo-Mechanical Robot." The presentation focuses on the Cryo-Mechanical RAM Content Extraction Robot that Cui and his colleagues Grant Skipper and Yuanzhe Wu created to extract decrypted data from DDR3 memory modules. By disabling JTAG debugging interfaces and UART circuitry, as well as by using Ball Grid Array (BGA) packaging and encrypted firmware, hardware manufacturers have made it more difficult to reverse engineer their products. Cui noted that manufacturers are removing many debugging interfaces, which does not necessarily increase product security but makes device introspection and reverse engineering significantly more difficult. Therefore, the researchers decided to pursue a different path. Instead of attempting fault injection, as they have in the past, or performing invasive reverse engineering via laser ablation, they constructed this affordable and accurate robot that freezes one RAM chip on the device at a time. This article continues to discuss the robot that reliably extracts the contents of RAM of modern embedded devices at runtime. 

The Register reports "Robot Can Rip the Data Out of RAM Chips With Chilling Technology"
