New Cold Boot Attack Can Unlock Disk Encryption in Nearly All Laptops under 2 Minutes. Researchers at a Finnish cyber-security company, F-Secure, have announced that they discovered a new cold boot hardware technique can unlock disk encryption keys and have access to user data within 2 minutes. This can happen in nearly all computers even those with full disk encryption – Mac or Windows, when someone steals or “borrows” your computer.
This new cold boot attacking technique is a new variation to the traditional cold boot attack, which was developed in 2008 and lets attackers steal the remaining brief information in the computer memory (RAM) after the computer is shut down. The traditional technique abruptly cuts off the power on the computer before attackers can access what’s in the RAM.
IT experts and companies, working as a consortium, were able to protect computers from the traditional threat by developing a technique which overwrites RAM contents when power came back. The consortium, called Trusted Computing Group, was formed by Intel, IBM, AMD, HP and Microsoft, and used a specification called MORlock (Memory Overwrite Request Control), where all information in computer memory would disappear when the system booted.
This occurs even if the attacker acted sufficiently fast to create the lower temperature conditions necessary to access the data in memory.
However, the researchers, Olle Segerdahl and Pasi Saarinen demonstrated the new cold boot technique in a video, where attackers can bypass and disable MORlock by reprogramming the non-volatile part of the memory chip which stores the overwritten instruction. They explained how attackers can enable instant rebooting from an external device (USB stick) as to extract and analyze user information available in RAM.
It’s not еxactly easy to do, but it’s not a hard enough issuе to find and еxploit for us to ignore the probability that some attackеrs have already figured this out,
says Segerdahl in a statement released on Wednesday (13Sept2018).
He added that this may not be too practical on easy targets, but it would definitely be on the attacker’s list of options for a “bigger phish, like a bank or larger enterprise.”
The new cold boot attack works on nearly all computers in sleep mode, since actions like shut down and/or hibernation cut off the power, and cause the residual computer memory to quickly degrade beyond recovery. This is because when the computer is in sleep mode, its state is saved in the RAM which runs in a limited power state to hold information.
Coldboot attacks are a known mеthod of obtaining encryption kеys from devices. But the rеality is that attackеrs can get their hands on all kinds of information using thеse attacks. Passwords, crеdentials to corporate nеtworks, and any kind of data stored on the computer are at risk,
F-secure warns in their blog post.
Because of its volatility in data retention when out of power, the RAM (Random Access Memory) can preserve user information for a couple of seconds, even minutes, under low temperature conditions.
Suggested Course from HackWareNews
Advanced Computer Hardware Modifications: Colder and Faster
Colder temperatures, faster storage speed, and performance graphics rendering. They’re all crucially important points in computer user experience. Looking to upgrade your computer hardware to achieve any of those points? Here, you’ll learn how to do it all.
- Access 24 lectures & 0.5 hours of content 24/7
- Cover the most effective method of CPI cooling: closed-loop liquid cooling
- Learn about the various tricky aspects about RAID setups
- Understand how to increase data read/write speeds & prepare your computer for a drive crash
- Discover the workings of multi-GPU technology to massively enhance your computer’s rendering capabilities