Medidata Blog

TREND 8: Memory Scraping Calls for Better Coding

Reading Time: 2 minutes

Security concerns will remain paramount for the clinical data and healthcare field, as the individual and industry data increasingly reside in the “cloud.” Those of us working to make data as safe as possible are always keeping our eyes open, and learning lessons from the front lines in hacking attacks – those credit card identifiers like passwords and PINs at banks and e-tailers.

Latest on the scene? Memory scraping – searching for data when it was decrypted or stored in memory during the lifetime of a process, or at least during a decryption routine. Depending on how a process cleans up after itself, it may stay resident even after the fact. The data is encrypted on the hard disk, but again, the RAM likely maintains the clear-text version of the data.

This has been around for a long time, but it is now more aggressively targeting data such as passwords, PINs and keys, as of late. Although regulatory security requirements like the Federal Information Security Management Act (FISMA) and the Healthcare Information Protection Accountability Act (HIPAA) dictate that data must be encrypted while in transit and at rest, data is still decrypted at some point on the system and often stored in memory during the lifetime of a process, or at least during a decryption routine. Depending on how a process cleans up after itself, it may stay resident even after the fact. The data is encrypted on the hard disk, but again, the RAM likely maintains the clear-text version of the data.

Browsers are notorious for leaving things sitting around in memory during web sessions. RAM scraping malware also targets encryption keys in memory to decrypt anything for session data to encrypted files. As far as the emerging security threat part, I see RAM scraping increasing as attackers focus on client-side attacks, shifting away from server-side attacks. Browsers are often misconfigured, allowing malware to get onto a user’s system, stealing data and passwords. AV products can’t keep up with the aggressive rate and polymorphic characteristics of this type of malware. They discover a ton of new malware every week, reverse it to some extent and add it as a new signature.

Information security is a cat and mouse game, so as we implement better security through encryption, hackers will find new and creative ways to break through. In turn, the industry and especially the browser industry will be forced to do a more careful and exhaustive memory clean-up process when their code completes. This has been an often ignored “Coding Best Practice” that dates back 30+ years. But memory scraping hackers may be the motivation for programmers to actually code better. Now that’s something to think about!

More about Glenn Watt

 

Medidata Solutions Image

Medidata Solutions