Businesses at risk of data theft through 'classic' cold boot attack

Cold boot attack leaves Apple Dell and Lenovo laptops at risk of data theft

The attack is a variation of the classic cold boot attack, a long-established technique for recovering data from a machine's RAM.

A weakness in modern computers allows attackers to steal encryption keys and other sensitive information, according to the latest discovery by cybersecurity firm F-Secure.

The attack works against nearly all Macs and Windows PCs and requires several minutes of physical access to a machine left in sleep mode, which keeps the RAM powered so that data from the most recent active session stays "alive" in system memory. Most modern computers overwrite RAM early in the boot process, before an operating system loads, precisely to stop a cold boot attack from reading it, but the researchers found a way to disable that overwrite.

The Trusted Computing Group, a consortium formed by AMD, Hewlett-Packard, IBM, Intel, and Microsoft, chose to protect computers against this threat by having the firmware overwrite RAM contents when power comes back. The attack uses a specially built tool attached to the motherboard to alter the UEFI firmware's stored settings so that the memory overwrite never runs.

Security researchers Olle Segerdahl and Pasi Saarinen of F-Secure found a way to reprogram the non-volatile memory chip that stores the overwrite setting. With the overwrite disabled, they boot from an external device (a USB stick) and dump and analyze whatever is still in RAM. The goal is to grab disk encryption keys from memory, which then give access to the data stored on the machine's encrypted drives.
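The overwrite the article refers to is the TCG "Memory Overwrite Request" (MOR): the operating system sets a UEFI variable, and firmware consults it at boot to decide whether to clear RAM. The script below is an added example, not from the article or from F-Secure, showing how to read that variable on a Linux host through efivarfs, which the article does not mention. It assumes the standard efivarfs mount point and file layout (a 4-byte attribute word followed by the data), and the GUID from the TCG Platform Reset Attack Mitigation Specification; set EFIVARS to point it at a directory of captured variable files instead.

```shell
#!/bin/sh
# Added example (not from the article or F-Secure): inspect the TCG Memory
# Overwrite Request (MOR) state that UEFI firmware checks at boot. Linux
# exposes UEFI variables through efivarfs, where each file holds a 4-byte
# attribute word followed by the variable's data.

# GUID of the MOR variables, from the TCG Platform Reset Attack Mitigation
# Specification (MEMORY_ONLY_RESET_CONTROL_GUID).
MOR_GUID="e20939be-32d4-41be-a150-897f85d9c3c4"
# Assumed default mount point; override to read captured files instead.
EFIVARS="${EFIVARS:-/sys/firmware/efi/efivars}"

# first_data_byte FILE: print the first data byte of an efivarfs file as a
# decimal number, skipping the 4-byte attribute header; empty if too short.
first_data_byte() {
    od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n'
}

# mor_state FILE: "requested" when bit 0 of MemoryOverwriteRequestControl is
# set (the OS has asked the firmware to clear RAM on the next boot), "clear"
# when it is not, "missing" when the variable is absent or unreadable.
mor_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    b=$(first_data_byte "$1")
    [ -n "$b" ] || { echo missing; return 0; }
    if [ $((b & 1)) -eq 1 ]; then echo requested; else echo clear; fi
}

# morlock_state FILE: MemoryOverwriteRequestControlLock, defined alongside MOR
# in the TCG specification: 0 = unlocked, 1 = locked, 2 = locked with key.
# The lock only stops the running OS from changing MOR; it does nothing
# against the attack described above, which rewrites the flash chip itself.
morlock_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    b=$(first_data_byte "$1")
    case "$b" in
        0) echo unlocked ;;
        1) echo locked ;;
        2) echo locked-with-key ;;
        *) echo missing ;;
    esac
}

# report: read the live variables and print one line per variable.
report() {
    echo "MemoryOverwriteRequestControl:     $(mor_state "$EFIVARS/MemoryOverwriteRequestControl-$MOR_GUID")"
    echo "MemoryOverwriteRequestControlLock: $(morlock_state "$EFIVARS/MemoryOverwriteRequestControlLock-$MOR_GUID")"
}

report
```

Reading "clear" on a running machine that holds disk encryption keys means a reboot would not trigger the firmware's memory wipe at all; reading "requested" only means the firmware has been asked to wipe, and, as the article explains, an attacker who can reprogram the chip that stores the setting can make the firmware see "clear" regardless.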


Their attack works only on computers in sleep mode: shutting down or hibernating cuts power to the RAM, and the residual contents quickly degrade beyond recovery.

Olle Segerdahl and Pasi Saarinen, security consultants for F-Secure, developed the new cold boot attack method and claim it "will work against almost all modern computers", including both Windows and macOS devices.

"It's not exactly the kind of thing that attackers looking for easy targets will use", Segerdahl said. F-Secure advised IT departments to "configure all company computers to either shut down or hibernate (not enter sleep mode) and require users to enter their BitLocker PIN whenever they power up or restore their computers". Requiring the PIN at power-up is pre-boot authentication: the disk encryption key is not loaded into memory until the user has authenticated, so a machine that is off or hibernated holds no key to steal. F-Secure also worked with Microsoft to update its BitLocker guidance to cover this type of data theft.

F-Secure's researchers presented their findings at a conference in Sweden on Thursday and are set to present them again at Microsoft's security conference on September 27.

Apple responded by pointing to the latest generation of Macs, which include the T2 chip; it performs disk encryption separately from the CPU, making such an attack harder to execute.
