
Researchers bring back cold boot attacks on modern computers

The idea of cold boot attacks began 10 years ago, but researchers at F-Secure found the attack can be used on modern computers to steal encryption keys and other data.

It's 2008 all over again, as researchers have found a way to use cold boot attacks against modern computers to steal sensitive data from lost or stolen devices.

Olle Segerdahl and Pasi Saarinen, security consultants for F-Secure, based in Helsinki, developed the new cold boot attack method and claimed it "will work against nearly all modern computers," including both Windows and macOS devices.

In classic cold boot attacks, threat actors could recover data stored in RAM after a computer was improperly shut down, but modern operating systems can mitigate this by overwriting RAM. Segerdahl and Saarinen found a way to disable this feature.

"It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," Segerdahl said in a written press statement. "And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it's the kind of thing an attacker will have plenty of time to execute."

Segerdahl and Saarinen developed a tool that could rewrite the mitigation settings in memory, which would disable memory overwriting and allow them to boot from an external device that could read the target system's memory. The researchers said cold boot attacks like this could be used to steal sensitive data like credentials or even encryption keys held in memory.

"It's not exactly easy to do, but it's not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out," Segerdahl said in a statement. "It's not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use."

The researchers said cold boot attacks like this could provide a consistent way for threat actors to steal data, because it works across platforms. And although the researchers have shared their findings with Microsoft, Intel and Apple, mitigations are still a work in progress.

Apple claimed Macs with the T2 chip are immune to cold boot attacks, though this only includes the iMac Pro and 2018 MacBook Pro models. And the vendor suggested users with other Mac devices set a firmware password. Microsoft updated BitLocker guidance to help users protect sensitive information.


3 comments


What is your company protocol for when a device is lost or stolen?
As far as we know, cold boot attacks are not a common procedure for data recovery, but it might still be good to be prepared. If no cold boot attack happens directly after shutdown, the RAM empties itself in minutes, and all data disappears. To secure your network from these types of attacks, I highly recommend using firewalls like Sangfor NGAF.
Cold boot may not be common, but this research shows it can be a consistent way to get at data. Definitely worth making sure you shut down or take other mitigation efforts.