Slashdot Mirror


Almost 'All Modern Computers' Affected By Cold Boot Attack, Researchers Warn (cnet.com)

Security researchers have discovered a flaw in nearly all modern computers that allows potential hackers to steal sensitive information from your locked devices. CNET adds: The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data from a computer's RAM, where sensitive information is briefly stored after a forced reboot. These attacks have been known since 2008, and most computers today have a safety measure that removes the data stored in RAM to prevent hackers from stealing sensitive information. It's also not a common threat for the average person, since both access to the computer and special tools -- like a program on a USB stick -- are needed to carry out the attack. But Segerdahl and researchers from F-Secure said they've found a way to disable that safety measure and extract data using cold boot attacks. [Further reading: ZDNet] "It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," he said in a statement. Per F-Secure, there is no patch to address the new vulnerability just yet. For now, the firm recommends that you make tweaks to your system settings so that your computer automatically shuts down or hibernates instead of entering sleep mode when you close your screen.

79 comments

  1. Physical access to PC by Anonymous Coward · · Score: 0

    Yeah, I'm sure this is the only example of that.

    1. Re: Physical access to PC by Anonymous Coward · · Score: 0

      It involves cooling the RAM chips with some kind of refrigerant spray. So yeah, you need the computer you do this with to be right in front of you and powered on and logged into at least once by some user with a key you want.

    2. Re: Physical access to PC by kelemvor4 · · Score: 5, Informative

      It involves cooling the RAM chips with some kind of refrigerant spray. So yeah, you need the computer you do this with to be right in front of you and powered on and logged into at least once by some user with a key you want.

      Full disk encryption is what this attack defeats. Full disk encryption is really ONLY useful to stop someone with physical control of the computer from accessing your data. Also, the details I read made this sound like a relatively easy attack to implement if you've prepped your work area reasonably. Consider that anyone doing this has already stolen a computer - perhaps by breaking into a home or business. Then they must have a computer with valuable enough data to bother going after it. They aren't going to be going after my pc, and probably not yours. Maybe a politician, banker, or someone with proprietary corporate secrets.. say a fortune 500 exec. For that kind of value as a target, this is a simple attack - compared to other attacks that might be used on high-value targets.

    3. Re: Physical access to PC by omnichad · · Score: 2

      So an extra-cold boot, then.

    4. Re: Physical access to PC by Excelcia · · Score: 1

      This attack does not defeat full disk encryption. It allows access to your encryption keys if and only if the hard drive is already unlocked.

      Saying this is a vulnerability is like saying that all safes have a vulnerability that when they are unlocked, anyone with physical access to it can get everything that's inside and, moreover, they can also with special equipment get access to the tumblers to determine what the combination was and even change it.

      This is not a "simple" attack. It requires basically physically stealing the computer after it has been booted up and the encryption key password entered. So it's really a special case of rubber hose cryptography (threatening the person until they give up a password).

      To protect yourself from this "vulnerability" you simply need to ensure that when you stop using the safe you close it and lock it. Or, in other words, turn off your computer. Modern RAM will be degraded to the point where the key is unusable after about five seconds.

    5. Re: Physical access to PC by Anonymous Coward · · Score: 0

      Full disk encryption is what this attack defeats.

      Actually not in most cases.

      A cold boot attack, unlike the different method the GP described, takes a system already booted and running.
      You then power cycle it and boot into a very tiny kernel/OS.
      That kernel is able to read all the RAM it isn't currently using and dump it to a file.
      Areas of RAM won't be zeroed, so you can get the previous contents from a few seconds to a minute ago.
      If your computer was off for longer than a minute, there are no contents in the RAM to dump.

      The only way to recover full disk encryption keys is if you booted your normal OS, entered the decryption keys, then left your computer unattended in this state.

      Most people shut down properly when planning to leave a system unattended like that, after which your decryption password won't be in memory.

      This also assumes *software* disk encryption is being used. Any hardware disk encryption, and any use of a security module like a TPM chip, will keep the decryption key out of RAM even for the one minute the system may be vulnerable.

      The GP is describing another attack that tends to only work on currently running but suspended, or hibernated, computers.

      For most normal uses of full disk encryption, one unmounts and performs a proper shutdown so neither attack will work.

      Server-based full disk encryption would be vulnerable under normal use, but seeing as a server can't (re)boot on its own in such a configuration, I've always thought such encryption offered very little advantage and crippling levels of disadvantage even when working as intended.
      Servers also tend to be on a network so are open to plenty of other exploits that can access a decrypted disk while you aren't actively present such as while the server is in a datacenter.
      This is just one more to an already insanely huge list of ways to defeat full disk encryption on a server.

    6. Re: Physical access to PC by Anonymous Coward · · Score: 0

      Do you really think they wouldn't be going after our computers? I don't know about your experiences, but in mine the I.T. workers typically have access to a greater amount of sensitive data than any exec.

      In other cases I would guess that information security personnel would have access to really interesting information. Maybe HR departments. Potentially police officers. Corporate executives are not who I would be targeting.

    7. Re: Physical access to PC by BenJohnsonZdfjhu · · Score: 1

      This could be easily fixed if the BIOS wiped/tested the whole RAM after reboot. If I remember correctly, it might be as easy as adding a small module to the BIOS.

    8. Re: Physical access to PC by c6gunner · · Score: 1

      Any hardware disk encryption, and any use of a security module like a TPM chip, will keep the decryption key out of RAM even for the one minute the system may be vulnerable.

      This is either incorrect or only partially correct. Hardware encrypted drives (at least the FIPS certified ones we use at work) are unlocked once and then remain unlocked as long as there is power to the system. Insert a USB stick, force a reboot, boot off the USB stick, and you have full access to the drive.

      I'm not sure if the encryption keys are stored in RAM or in volatile memory on the drive itself, so sure, you may not be able to get the keys. But you can still clone the drive, so not having the keys is pretty irrelevant.

      Long story short: even with hardware encryption, shut the damn thing down when you're not using it.

    9. Re: Physical access to PC by Anonymous Coward · · Score: 0

      You got your whimpy ass slapped bitch https://slashdot.org/comments.... you dirty bullshitter scumbag piece of shit. Have fun living with it asshole pussy.

    10. Re: Physical access to PC by piojo · · Score: 3, Informative

      You haven't considered the case of "suspend", which the summary mentioned. When a laptop is suspended (and I think most are when they're not in use), encrypted disks are unlocked. And desktops are often left on when not in use. I think the GP is accurate: this attack defeats full disk encryption for most users.

      --
      A cat can't teach a dog to bark.
    11. Re: Physical access to PC by Anonymous Coward · · Score: 0

      This is definitely nowhere near a new vulnerability. PGP (now Symantec Encryption Desktop) used to keep two copies of the keys it stored in memory, one normal, one bit-inverted, and would occasionally flip the values to protect against this. It has been doing this since the early 2000s.

      For maximum protection, the real trick is to use virtual machines that are in VeraCrypt volumes or otherwise encrypted, and split up what you are doing by tasks. When done with a task, suspend the VM, unmount the volume. This way, if the machine is stolen, only the OS is available.

      Bonus points if you use a keyfile or keyfiles and a custom PIM value, so an attacker doesn't just have to figure out your password.

      More bonus points if one of the keyfiles is on an IronKey or other hardware protected USB drive to protect against brute force.

      Still more bonus points if you use an external flash drive or encrypted external drive and physically disconnect and store the drive somewhere secure when done with your VM usage. A USB 3.2 SSD may not have NVMe performance, but it isn't bad for a VM where one is doing QuickBooks or other sensitive tasks [1].

      [1]: You do separate your general Web browsing and critical tasks don't you, if only to mitigate ransomware? If not, at least consider Sandboxie to run your web stuff under, so ransomware that gets through the web browser only will shit in the sandbox and not trash your box.

    12. Re: Physical access to PC by Anonymous Coward · · Score: 0

      It still has to have been
      A: logged into
      B: encrypted shit unlocked.

      If the computer just turned on and is still waiting on log in none of this will get you the goods.

    13. Re: Physical access to PC by Anonymous Coward · · Score: 0

      Try this:
      If you have Windows 10, tell the computer to shut down. After it "shuts down", turn it back on, open Task Manager, and go to the Performance tab and look at your uptime, which is in Days:hours:minutes:seconds. If it's longer than the time it took to boot up and get to the screen, then it didn't shut down. It went to sleep. So decryption keys are still active.
      This means Fastboot is enabled, preventing you from actually shutting down the machine. All Fastboot is, is a type of hibernation.
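The uptime check this comment describes, together with the summary's advice to shut down or hibernate instead of sleeping, as an added PowerShell example (not from the thread, F-Secure or Microsoft): it reads the Fast Startup registry value and the kernel's last boot time, and with `-Harden` disables Fast Startup and sets the lid-close action to hibernate. The `HiberbootEnabled` value, the `Win32_OperatingSystem` class and the `powercfg` aliases are the documented Windows ones; the script around them is this example's own.

```powershell
# Added example: audit (and optionally fix) the Windows 10 sleep/Fast Startup
# settings that keep disk-encryption keys resident in RAM.
# Read-only by default; -Harden changes settings and needs an elevated shell.
param([switch]$Harden)

# Fast Startup is controlled by HiberbootEnabled (1 = on) under this key.
# With it on, "Shut down" hibernates the kernel session instead of ending it.
$powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
$fastStartup = (Get-ItemProperty -Path $powerKey -Name HiberbootEnabled `
                -ErrorAction SilentlyContinue).HiberbootEnabled

# LastBootUpTime is the kernel's boot time. After a Fast Startup "shutdown"
# it carries over, which is exactly what the Task Manager uptime check shows.
$os     = Get-CimInstance -ClassName Win32_OperatingSystem
$uptime = (Get-Date) - $os.LastBootUpTime

$state = if ($null -eq $fastStartup) { 'not set (defaults to on)' } else { $fastStartup }
Write-Host ("Fast Startup (HiberbootEnabled): {0}" -f $state)
Write-Host ("Kernel uptime (d.hh:mm:ss):     {0:dd\.hh\:mm\:ss}" -f $uptime)
Write-Host ("Hibernation file present:        {0}" -f (Test-Path "$env:SystemDrive\hiberfil.sys"))

if ($fastStartup -ne 0) {
    Write-Warning "Fast Startup is on: 'Shut down' does not end the kernel session, so uptime survives it."
}

if ($Harden) {
    # 1. Make "Shut down" a real shutdown.
    Set-ItemProperty -Path $powerKey -Name HiberbootEnabled -Value 0 -Type DWord

    # 2. Hibernate rather than sleep when the lid is closed, on AC and on battery.
    #    LIDACTION index: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
    powercfg /HIBERNATE on
    powercfg /SETACVALUEINDEX SCHEME_CURRENT SUB_BUTTONS LIDACTION 2
    powercfg /SETDCVALUEINDEX SCHEME_CURRENT SUB_BUTTONS LIDACTION 2
    powercfg /SETACTIVE SCHEME_CURRENT

    # 3. Never enter standby on a timer (0 = never); idle machines hibernate instead.
    powercfg /CHANGE standby-timeout-ac 0
    powercfg /CHANGE standby-timeout-dc 0

    Write-Host "Hardened: Fast Startup off, lid close = hibernate, standby timers disabled."
}
```

Run it once without `-Harden` right after a "shut down" and power-on: an uptime longer than the boot itself confirms the comment's point that the session was hibernated, not ended.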

    14. Re: Physical access to PC by piojo · · Score: 1

      Again, you are ignoring the extremely common case of suspend. If the computer has been opened up after being suspended, it is fully logged in and running. That lock screen you see is just a UI. It is not indicative of the computer's state. (It would be possible to unmount encrypted storage during suspend, but I don't think any popular OS does that. Might as well just hibernate instead.)

      --
      A cat can't teach a dog to bark.
  2. Why did I bother reading this? by zippo01 · · Score: 4, Informative

    If I have 5 min alone with a system it's mine. That is the most basic security concept. "It only takes 5 min" I need less than that for most systems. Sigh. I don't understand how this is news.

    1. Re: Why did I bother reading this? by Anonymous Coward · · Score: 0

      Worse than that, if APK has 5 minutes alone with the system, he can install his hosts file!

    2. Re:Why did I bother reading this? by AmiMoJo · · Score: 2

      We have known about this for over a decade and AMD systems are now immune.

      AMD introduced encrypted RAM last year. RAM is encrypted with a random key generated at boot time with only a 1-2% performance hit. The key cannot be recovered and is regenerated on reboot. In fact VMs can all have their own keys if you like.

      Naturally cold boot attacks become useless on such systems.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Why did I bother reading this? by klingens · · Score: 3, Interesting

      Only AMD Servers, EPYC CPUs. And those are what? 1% of systems?
      Those servers are usually in datacenters or at least locked server rooms. They aren't at risk in any way here from cold boot attacks in a meaningful way.

      The article writes about notebooks. No AMD notebook CPU anywhere encrypts its RAM. All AMD notebooks are vulnerable, just like all notebooks with CPUs from other vendors.

    4. Re:Why did I bother reading this? by iggymanz · · Score: 1

      where is that key stored in a running system?

    5. Re:Why did I bother reading this? by angel'o'sphere · · Score: 2

      It is not a cold (re)boot anyway, it is ansarm boot.
      In a cold boot power is disconnected from the main board and the ram loses all its data.

      Kids in our days ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    6. Re:Why did I bother reading this? by AmiMoJo · · Score: 2

      Secure part of the CPU that doesn't support read-back. The register is write only.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Why did I bother reading this? by Anonymous Coward · · Score: 0

      If I have 5 min alone with system its mine.

      Until 5 minutes 10 seconds when I come through the door and blow your fucking head off.

    8. Re:Why did I bother reading this? by Anonymous Coward · · Score: 0

      "Blow your fucking head", in what sense exactly? Is this a sexual reference? Does compromise of your server turn you on that much?

    9. Re: Why did I bother reading this? by Anonymous Coward · · Score: 0

      It is not a cold (re)boot anyway, it is ansarm boot.
      In a cold boot power is disconnected from the main board and the ram loses all its data.

      Kids in our days ...

      What the hell is a ansarm?

      Whatever, you are just plain wrong about ram losing data on a plug pull. That's the entire point here. Refrigerant spray

    10. Re:Why did I bother reading this? by gweihir · · Score: 1

      Yeah, that is what basically every competent IT security person says and has been saying for years. This is just some people trying to grab attention.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Why did I bother reading this? by thegarbz · · Score: 1

      If I have 5 min alone with system its mine.

      This is why you bothered reading it. If you know how to defeat full disk encryption on a locked but powered-on computer to extract data in 5 minutes, then chances are you learnt that by reading about attacks requiring physical access for 5 minutes.

    12. Re:Why did I bother reading this? by MikeBabcock · · Score: 1

      Because with a locked disk-encrypted system, that's no longer true without this attack. Hasn't been for a long time.

      --
      - Michael T. Babcock (Yes, I blog)
    13. Re:Why did I bother reading this? by iggymanz · · Score: 1

      I found the VM part has recently been cracked, though, with a technique called SEVered by researchers at Fraunhofer AISEC.

    14. Re:Why did I bother reading this? by JThundley · · Score: 1

      How will you defeat hard disk encryption?

  3. If they have physical access by ocsibrm · · Score: 5, Insightful

    you are already screwed by a litany of other potential vectors. That's why physical access control is so important.

    1. Re: If they have physical access by Anonymous Coward · · Score: 0

      Like access to the sticky note under the keyboard that has all the passwords.

    2. Re: If they have physical access by cathector · · Score: 1

      it's okay, i wrote them all in mirror-font.

    3. Re: If they have physical access by Comrade+Ogilvy · · Score: 3, Funny

      Quadruple rot-13 for me. Just try to crack that!

    4. Re: If they have physical access by Falos · · Score: 1

      It's a lot of work, but because of the exponentially increasing permutation span you're 26^4 = 456,976 times safer.

      That's a lot. That many drops of water could fill a soccer field of congress.

    5. Re: If they have physical access by Anonymous Coward · · Score: 0

      That's too insecure for me, but if you XOR it with a key of the same length as the data it becomes impossible to break!
      That's why I use 0x00 (repeated an appropriate number of times) on all my data.

  4. Re: iMac by Anonymous Coward · · Score: 0

    Computers that aren't usable do not count, sorry friend.

  5. and in other news water is wet by Anonymous Coward · · Score: 0

    https://i.imgflip.com/13c4fz.jpg

  6. What if... by Anonymous Coward · · Score: 0

    What if RAM were encrypted and decrypted in real time?

    This way when a machine lost power from the main battery or power supply, all it had to do was save any state to a small encrypted storage whose keys were kept by the security chip.

    As part of a successful boot, the OS would retrieve and restore the state.

    Yes, this would require some temporary power supply, but that's what capacitors are for.
    Yes, it would require new circuitry and draw significantly more power than systems without this feature.

    Nobody said security was free.

  7. Re:iMac by Anonymous Coward · · Score: 0

    I was just about to post this. Having that soldered on memory can now be promoted as a security feature.

  8. Simple fix by Anonymous Coward · · Score: 0

    Encrypted memory, generate a new random key before each boot. The hardware is basically present if your system supports SGX. Although typically the "enclave" isn't your entire system memory, there isn't anything stopping you. Since you can use a random initialization you won't be subject to the known flaw with RSA keys and SGX.

  9. Faster attack when you have physical access by bob4u2c · · Score: 2

    Pull the hard drive, take home and decrypt at will. No known software or hardware patches have been released to fix this issue.

    1. Re:Faster attack when you have physical access by iggymanz · · Score: 4, Informative

      Can't break some of the encrypted filesystems, so instead I recommend on-site penetration of the system with the operator who knows the password and the $1 wrench from a dollar store. We found there is no need for the $5 wrench.

    2. Re:Faster attack when you have physical access by Calydor · · Score: 1

      Not very stealthy, though.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    3. Re:Faster attack when you have physical access by bob4u2c · · Score: 1

      Most on-site systems (i.e. desktops) don't have encrypted hard drives. In companies that do encrypt the drive, they almost always have physical restrictions in place. Even an encrypted hard drive can be cracked, it just takes time. And if I have the drive I can take as long as I want, hours, days, months, years; it just depends on what I think is on it and how much time I'm willing to invest. Now laptops are a different story, but if the IT team really cared about the data then you load the laptop to use a remote VPN connection back to a VM in a corporate data center; once the laptop is turned off (or taken, in some cases) the connection is cut and the thief has a generic laptop with no sensitive data. If you really wanted the laptop back you also load phone-home software that first finds the route out to some site like Google, then e-mails that data back to some e-mail address on a regular basis. So now you can track down the ISP or locations it connects to the internet from and enlist the ISP or coffee shop in finding the thief. But yes, usually a $1 wrench works wonders in decrypting things.

    4. Re:Faster attack when you have physical access by HornWumpus · · Score: 1

      It was a drive failure! The mirror worked fine and it's back to two already.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    5. Re:Faster attack when you have physical access by Lost+Race · · Score: 1

      Even an encrypted hard drive can be cracked, it just takes time. And if I have the drive I can take as long as I want, hours, days, months, years, it just depends on what I think is on it and how much time I'm willing to invest.

      All the computers in the world can't crack AES-128 in your lifetime.

    6. Re: Faster attack when you have physical access by Anonymous Coward · · Score: 1

      Pffft - it *could* guess right on the first try !

    7. Re:Faster attack when you have physical access by mark-t · · Score: 1

      Locking the case closed comes to mind as one preventative measure.

    8. Re:Faster attack when you have physical access by phantomfive · · Score: 1

      Is it really that easy to decrypt a hard drive?

      --
      "First they came for the slanderers and i said nothing."
    9. Re: Faster attack when you have physical access by c6gunner · · Score: 1

      No. He has no clue what he's talking about. Sure, if your password is "qwerty123" I can decrypt your drive in a reasonable amount of time. If you have a decent password, though, it's going to take long enough that we will both be dead and buried well before my successors manage to unearth your porn stash.

    10. Re:Faster attack when you have physical access by thegarbz · · Score: 1

      Pull the hard drive, take home and decrypt at will

      If you have the encryption key to the drive I assume you probably have all the other login details as well.

    11. Re:Faster attack when you have physical access by iggymanz · · Score: 1

      nonsense, cracking the neural net that can mount the filesystem is a trivial and quick application of intimidation and/or torture

    12. Re:Faster attack when you have physical access by Anonymous Coward · · Score: 0

      No you can't take as much time as you want as you are limited by the heat death of the universe just like everything else. Good luck cracking any decent encryption system before then.

  10. "Apple said that all devices using a T2 chip..." by Anonymous Coward · · Score: 0

    "Apple said that all devices using a T2 chip are not vulnerable."

  11. Physical access to the computer by Anonymous Coward · · Score: 0

    Wow, it's nothing

    1. Re:Physical access to the computer by Anonymous Coward · · Score: 0

      wowitsfuckingnothing.jpg

  12. Oh Noes! by Anonymous Coward · · Score: 0

    You mean I shouldn't leave my laptop unattended in a public place? I had no idea anything could happen if I did that.

  13. In other news... by tomxor · · Score: 1

    ... When doused in petrol and lit on fire, all computers BURN. Thanks captain fucking obvious.

  14. I always just shut down by Anonymous Coward · · Score: 0

    In the age of always-connected PCs I always shut down if I won't be using my PC for a while. Especially at night, and I am surprised how many desktop PCs still have Wake-on-LAN enabled in an environment that does not need it. Lots of people don't sign out or do anything but walk away from their PCs at work. See it all the time and yet it continues to go on.

    1. Re:I always just shut down by HornWumpus · · Score: 1

      Send a 'Drunken, tell off the boss' email from your biggest problem's desk. While they are at lunch, but late enough they could have come back looped.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re: I always just shut down by Anonymous Coward · · Score: 0

      Or you could just never put anything important on your computer

    3. Re:I always just shut down by Anonymous Coward · · Score: 0

      Send a 'Drunken, tell off the boss' email from your biggest problem's desk. While they are at lunch, but late enough they could have come back looped.

      -

      And then you discover, too late, that security cameras show you at the keyboard at the exact time the email was sent.

      Goodbye to that job, and to any decent job ever after.

      So much for you being a smart guy, asshole.

    4. Re:I always just shut down by HornWumpus · · Score: 1

      What kind of fool doesn't know where the cameras are? What kind of hell hole are you working at?

      Here: Boss would have called 'shenanigans', but played along for a little while, to get people to lock their desktops. Later that same day. Unless he found person actually drunk.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  15. Very little info by Thyamine · · Score: 1

    There is really almost no info here, so not much of an article. I suppose it is implying that you can do this attack when someone walks away, and when they return they are none the wiser. Or at worst think their laptop rebooted for some reason.

    --
    I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
    1. Re:Very little info by omnichad · · Score: 1

      Or at worst think their laptop rebooted for some reason.

      And if it's Windows 10, there will be no suspicion at all.

  16. How come I have it on my Ryzen 3 2200G then? by Anonymous Coward · · Score: 0

    Or is that just because of Linux?
    It took a few options in the kernel config that clearly said both "AMD" and "acceleration" for encryption.
    I think there is a BIOS option too.

    1. Re:How come I have it on my Ryzen 3 2200G then? by WorBlux · · Score: 1

      You need the SEV instruction/extensions specifically.

  17. Let the user decrypt it! by Anonymous Coward · · Score: 0

    Put in a USB device that can access e.g. keyboard input or RAM or whatever. It is trivial today to have those things so small that they fit into the inserted part of a USB connector. If you can quickly put it on the inside, you have practically won. Most people don't look inside for years, and even tweakers don't for months, if the system runs fine.

    Have it give you a remote console. Access the system when the user is. As it must be decrypted then.
    Done.

  18. I RTFA, I call BS by Anonymous Coward · · Score: 0

    F-Secure's original flawed research:
    https://blog.f-secure.com/cold-boot-attacks/

    They used physical access to bypass this (you can find the link in their blog):
    https://trustedcomputinggroup.org/wp-content/uploads/Platform-Reset-Attack-Mitigation-Specification.pdf

    Within that PDF it says the following:
    "The methods in this specification are not intended to protect against active physical attacks beyond the scope of the above scenario"

    F-Secure didn't break the TCG solution, they proved the TCG was right when TCG said it would not protect against this kind of attack.

    Lame.

    1. Re:I RTFA, I call BS by Anonymous Coward · · Score: 0

      Yep, it is sad that FS has also started to do anything just to get 5 minutes of fame in the news. Perhaps they will next discover that one can remove an unencrypted SSD and read it on another machine.

  19. I think you're all missing the point by Anonymous Coward · · Score: 0

    This story is to sell the idea that TPM is necessary and that Bitlocker will defend against something like this. Security through obscurity. This is a feel-good story to drive the masses to accept Microsoft FDE via bitlocker and to get people to espouse TPM. All your base are belong to us.

  20. Is this really a surprise for anyone? by Aromipesa · · Score: 1

    There really is no way to protect yourself if you let someone have 5 minutes alone with your system especially while it's still on.

  21. If a hacker gains physical access... by BoFo · · Score: 1

    all bets are off.

  22. Am I missing something here ? by Anonymous Coward · · Score: 0

    Just turn the stupid thing OFF - no "hibernate" or "suspend" or any of that other crap. If you're leaving for the day, TURN THE MACHINE OFF.
    Problem solved. This is a stupid hack for stupid people who are too busy to tolerate a minute-long boot. Let them lose their data. There'll be plenty of time once they're in line at the soup kitchen.

  23. Solution: Guard in the datacenter by Anonymous Coward · · Score: 0

    Preferably one trained in hand-to-hand combat so there's no risk of those pesky bullets damaging anything.

  24. c6gunner I proved YOU yourself can't do shit by Anonymous Coward · · Score: 0

    You prove it for me: c6gunner your FAKEname's on a post impersonating me & worse is you altering /. user's words https://linux.slashdot.org/com... as I challenged you to show you do better work and you can't after you tried to mock me you hypocrite LYING loser https://linux.slashdot.org/com... .

    * You're online FAKENAME trash c6gunner & a childish dishonest punk.

    APK

    P.S.=> Impossible to deny FACT of your FAKEname (for your FAKE wasted lie of a so-called life) on that 1st post link above you unbelievable pussy loser... apk

    1. Re:c6gunner I proved YOU yourself can't do shit by Anonymous Coward · · Score: 0

      All I can say is that APK must have gotten spanked pretty hard, because APK is really butthurt right now.