By Liam Tung
26 February 2008
Despite US researchers showing that hard disk encryption can be easily
compromised, Australian Customs says its Vista laptops are safe because
data is not stored on them -- but analysts have warned users will find a
way around this policy when they need to.
Last week, researchers from Princeton University revealed that
encryption tools, such as Microsoft's Bitlocker, do not completely
mitigate the risk of data theft from lost or stolen laptops.
The researchers showed they were able to access encryption keys used in
such programs from the computer's RAM by booting it up from a USB or
network drive and then scanning the system for encryption keys.
However, the Australian Customs Service, which has one of the first and
largest Vista rollouts in Australia -- 6,000 PCs, including 2,400
laptops -- claims it is safe from the attack because very little
information is actually stored on the laptops.
"We believe this is a very low risk threat," Customs director of desktop
services John Rodgers told ZDnet.com.au.
Customs laptops typically contain very little data, said Rodgers,
because information relating to traveller processing is accessed
remotely from its mainframe computers in Sydney and Canberra.
"That's all accessed remotely and the information is not stored
locally," he said, adding that the agency uses CMOS to prevent the
possibility of booting a laptop off another device or USB.
And, should the hackers get past this stage, the keys in Bitlocker are
automatically destroyed, Rodgers said.
However, security analysts say that just because information is accessed
remotely, it doesn't mean that mobile workers will not store data on
their laptops -- particularly in areas that lack Internet access.
"People will find a way of doing what they want to do and if that means
storing a copy of data locally, that's what they will do," said IBRS
analyst James Turner.
"If you fire up a laptop on a plane or train, you're not guaranteed
Internet access. So, if you want to work, then you need to work with
data locally," he added.
The agency is also exploring the possibility of using remote hard disk
destruction technology, to allow it to wipe information on a hard disk
in the event it is lost or stolen.
This type of technology could prove useful if Customs again faces the
situation it did in 2003, where two men posing as EDS staff -- then
Customs' sole IT outsourcing contractor -- duped agency staff into
giving them access to their mainframe computers at Sydney International
Airport, two of which they then removed.