New Cold Boot Attack Unlocks Disk Encryption on Nearly All Modern PCs
A cold boot attack is a process for obtaining unauthorized access to a computer’s encryption keys when the computer is left physically unattended.
Cold boot attacks demonstrate that disk encryption programs, which are used to protect data on desktops, laptops and various other computing devices, have no reliably secure location in which to store their keys. The attack is carried out by performing a cold boot of the system and dumping the contents of the DRAM to a CD or USB token.
Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption.
The attack is a new variation of the traditional cold boot attack, which has been around since 2008 and lets attackers steal information that briefly remains in memory (RAM) after the computer is shut down.
However, to make the cold boot attacks less effective, most modern computers come bundled with a safeguard, created by the Trusted Computing Group (TCG), that overwrites the contents of the RAM when the power on the device is restored, preventing the data from being read.
How Microsoft Windows and Apple Users Can Prevent Cold Boot Attacks
According to Olle and his colleague Pasi Saarinen, their new attack technique is believed to be effective against nearly all modern computers, including Apple Macs, and can’t be patched easily or quickly.
The two researchers, who will present their findings today at a security conference, say they have already shared their findings with Microsoft, Intel, and Apple, and helped them explore possible mitigation strategies.
Microsoft updated its guidance on BitLocker countermeasures in response to F-Secure’s findings, while Apple said that its Mac devices equipped with an Apple T2 Chip contain security measures designed to protect its users against this attack.
But for Mac computers without the latest T2 chip, Apple recommended that users set a firmware password to help harden the security of their computers.
Meanwhile, the duo recommends that IT departments configure all company computers to either shut down or hibernate (not enter sleep mode) and require users to enter their BitLocker PIN whenever they power up or restore their PCs.
Attackers could still perform a successful cold boot attack against computers configured like this, but since the encryption keys are not stored in the memory when a machine hibernates or shuts down, there will be no valuable information for an attacker to steal.
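One way to apply the hibernate-and-PIN recommendation above on a Windows endpoint, as an added example that is not from the original article or from the researchers' or Microsoft's own material. It assumes an elevated PowerShell session with the BitLocker module available; the function names and the 15-minute idle timeout are illustrative choices.

```powershell
#Requires -RunAsAdministrator
# Added example: make the machine hibernate instead of sleep, then check
# that the OS volume requires a BitLocker pre-boot PIN.

function Set-HibernateInsteadOfSleep {
    powercfg /hibernate on
    foreach ($idx in '/setacvalueindex', '/setdcvalueindex') {
        # Value 2 = hibernate, for lid close, power button and sleep button
        powercfg $idx SCHEME_CURRENT SUB_BUTTONS LIDACTION 2
        powercfg $idx SCHEME_CURRENT SUB_BUTTONS PBUTTONACTION 2
        powercfg $idx SCHEME_CURRENT SUB_BUTTONS SBUTTONACTION 2
    }
    # 0 = never sleep on idle; hibernate after 15 minutes (constructed value)
    powercfg /change standby-timeout-ac 0
    powercfg /change standby-timeout-dc 0
    powercfg /change hibernate-timeout-ac 15
    powercfg /change hibernate-timeout-dc 15
    powercfg /setactive SCHEME_CURRENT
}

function Test-PreBootPin {
    # True only when protection is on AND a PIN-bearing protector exists
    # (TpmPin or TpmPinStartupKey). A TPM-only protector unlocks the disk
    # with no user input, so the keys are back in RAM after any reboot.
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $hasPin = [bool]($types -match '^TpmPin')
    ($vol.ProtectionStatus.ToString() -eq 'On') -and $hasPin
}

Set-HibernateInsteadOfSleep

if (Test-PreBootPin) {
    Write-Output "OK: $env:SystemDrive requires a pre-boot PIN."
} else {
    Write-Warning "$env:SystemDrive has no TPM+PIN protector (or protection is off)."
    Write-Output 'Add one with:'
    Write-Output '  $pin = Read-Host -AsSecureString "New BitLocker PIN"'
    Write-Output '  Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin $pin'
}
```

Adding a TPM+PIN protector only succeeds when the BitLocker policy on the machine allows a startup PIN. The script also leaves the Sleep entry in the Start menu power options, so a user can still put the machine to sleep manually.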