Submission + - Laptop hibernation a security risk?
wally writes: "I was having a long think today when it popped into my mind, is hibernation on laptops a security risk?
My flow of thought went like this: if I stole a laptop knowing that it had encrypted home and root partitions (assuming a Unix-like OS), presumably if it has a separate swap partition, that'd contain an unencrypted snapshot of the system prior to hibernation.
Therefore, this RAM image is presumably exploitable. Booting a USB stick would allow closer examination, presumably I could do anything from reading an open sensitive OpenOffice document to inserting some exploitable code into the frozen kernel to do something nasty when the laptop is next booted.
Even if the system keeps a checksum somewhere hidden to ensure the integrity of the RAM image before loading, you could at the least extract some potentially sensitive details that would otherwise be safe?
What do other slashdotters think? Is this an easily exploitable threat that should see suspended RAM images encrypted?"
My flow of thought went like this: if I stole a laptop knowing that it had encrypted home and root partitions (assuming a Unix-like OS), presumably if it has a separate swap partition, that'd contain an unencrypted snapshot of the system prior to hibernation.
Therefore, this RAM image is presumably exploitable. Booting a USB stick would allow closer examination, presumably I could do anything from reading an open sensitive OpenOffice document to inserting some exploitable code into the frozen kernel to do something nasty when the laptop is next booted.
Even if the system keeps a checksum somewhere hidden to ensure the integrity of the RAM image before loading, you could at the least extract some potentially sensitive details that would otherwise be safe?
What do other slashdotters think? Is this an easily exploitable threat that should see suspended RAM images encrypted?"