Cold boot attacks can affect nearly all modern computers

Many people put their laptops to ‘Sleep’ instead of shutting them down. Whether at home or at the workplace, leaving desktops and laptops unattended may have become a habit. A cybersecurity firm discovered a way to access a laptop’s data even with full disk encryption. According to their findings, anyone with physical access to a high-value computer can use new cold boot attacks to steal sensitive data held in its RAM, such as passwords, corporate files, and more.

In their recent blog post, F-Secure disclosed a way to steal data stored on a laptop when left unattended. They described how an attacker can pilfer encryption keys along with all data from the laptop.

The attack only takes about five minutes to pull off if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. These attacks require special hardware tooling to perform, and are generally not considered a threat vector for normal users, but only for computers storing highly sensitive information, or for high-value individuals such as government officials or businessmen. Cold boot attacks can steal data from a computer’s RAM, where sensitive information is briefly stored after a forced reboot.

Earlier attempts to mitigate cold boot attacks relied on overwriting the RAM after power restoration. However, F-Secure security consultants Olle Segerdahl and Pasi Saarinen discovered a way to bypass such mitigations. The blog post explains their findings:

“The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.”
