New Cold Boot Attacks Can Evade Current Mitigations

Many people tend to put laptops to ‘Sleep’ instead of shutting them down. Whether at home or at the workplace, leaving desktops and laptops unattended may have become a habit. A cybersecurity firm has discovered a way to access a laptop’s data even when full disk encryption is enabled. According to their findings, anyone with physical access to a computer can steal data via new cold boot attacks.

F-Secure Discovered New Cold Boot Attacks That Let Hackers Pilfer Your Data

In a recent blog post, F-Secure disclosed a way to steal data stored on a laptop that has been left unattended. They discovered a vulnerability in the firmware of ‘most modern computers’ that could let an attacker pilfer encryption keys, along with all the data on the laptop, via new cold boot attacks. Performing these attacks requires physical access to the device.

Cold boot attacks involve accessing the information still held in RAM after a computer is reset. Earlier attempts to mitigate cold boot attacks overwrote the RAM after power was restored. However, F-Secure security consultants Olle Segerdahl and Pasi Saarinen discovered a way to bypass such mitigations. Explaining the findings, the F-Secure blog post states:

“The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.”

Almost All ‘Modern Computers’ are Vulnerable

According to the researchers, performing the new cold boot attacks simply requires manipulating the hardware. Thus, they conclude that the vulnerability presently affects nearly all recent laptop brands. While they demonstrated the attack on a Lenovo laptop (video shared below), they confirm that affected devices also include Dell machines and other brands, including Apple MacBooks. Nonetheless, Apple claims that MacBooks equipped with the T2 chip are unaffected by this vulnerability.

The researchers shared this vulnerability with vendors including Microsoft, Apple, and Intel, as well as with the public. They also presented their research at the Sec-T conference on September 13, 2018.

Until vendors release dedicated fixes to protect users from these attacks, Olle and Pasi recommend that users avoid putting their laptops into ‘Sleep’ mode. Hibernating or shutting down the laptop is the better option.
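As an added example (not from the F-Secure post or this article), the following PowerShell applies the researchers’ recommendation on a Windows laptop by disabling idle sleep and making the lid and power buttons hibernate instead; it assumes Windows 10 or later and an elevated (Administrator) session, and uses powercfg’s own button-action index values (0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down).

```powershell
# Added example: enforce "hibernate or shut down, never sleep" with powercfg.
# Assumes Windows 10/11 and an elevated (Administrator) PowerShell session.

# Make sure hibernation is available (creates hiberfil.sys if needed).
powercfg /hibernate on

# Never enter sleep on idle, on AC power or on battery (0 = never).
powercfg /change standby-timeout-ac 0
powercfg /change standby-timeout-dc 0

# powercfg action index values: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
$Hibernate = 2

# Apply hibernate to closing the lid, the power button and the sleep button,
# for both the plugged-in (AC) and battery (DC) settings of the active scheme.
foreach ($action in 'LIDACTION', 'PBUTTONACTION', 'SBUTTONACTION') {
    powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS $action $Hibernate
    powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS $action $Hibernate
}

# Re-activate the scheme so the changed settings take effect immediately.
powercfg /setactive SCHEME_CURRENT

# Verify: the lid-close setting should now report
# "Current AC Power Setting Index: 0x00000002" (hibernate).
powercfg /query SCHEME_CURRENT SUB_BUTTONS LIDACTION
```

On a managed fleet the same settings can be pushed through a power plan in Group Policy or an MDM profile rather than run per machine.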
