Slashdot Mirror


Almost 'All Modern Computers' Affected By Cold Boot Attack, Researchers Warn (cnet.com)

Security researchers have discovered a flaw with nearly all modern computers that allows potential hackers to steal sensitive information from your locked devices. CNET adds: The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data on a computer's RAM, where sensitive information is briefly stored after a forced reboot. These attacks have been known since 2008, and most computers today have a safety measure where it removes the data stored on RAM to prevent hackers from stealing sensitive information. It's also not a common threat for the average person, since both access to the computer and special tools -- like a program on a USB stick -- are needed to carry out the attack. But Segerdahl and researchers from F-Secure said they've found a way to disable that safety measure and extract data using cold boot attacks. [Further reading: ZDNet] "It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," he said in a statement. Per F-Secure, there is no patch to address the new vulnerability just yet. For now, the firm recommends that you make tweaks to your system settings so that your computer automatically shuts down or hibernates instead of entering sleep mode when you close your screen.
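
The mitigation recommended in the summary (hibernate or shut down on lid close instead of sleeping) can be audited on a Linux laptop. This is an added example, not from the article or F-Secure; it assumes systemd-logind, whose `HandleLidSwitch=` setting defaults to `suspend`, and the sample config files are constructed.

```shell
#!/bin/sh
# Added example: audit what closing the lid does under systemd-logind.
# Assumption: Linux with systemd-logind (the page names no OS).

# Print the effective value of key $1 in the [Login] section of file $2.
# As in systemd, commented lines are ignored and the last assignment wins.
logind_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_login = ($0 ~ /^[ \t]*\[Login\]/); next }
        in_login {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$2"
}

# Return 0 only if lid close hibernates or powers off, as the summary advises.
lid_action_is_safe() {
    action=$(logind_value HandleLidSwitch "$1")
    [ -n "$action" ] || action=suspend   # logind built-in default
    case "$action" in
        hibernate|poweroff)
            echo "OK: lid close -> $action"; return 0 ;;
        *)
            echo "WEAK: lid close -> $action (not hibernate/poweroff)"; return 1 ;;
    esac
}

# Constructed sample configs, not taken from the page.
SAMPLE_DIR=$(mktemp -d)
printf '[Login]\n#HandleLidSwitch=suspend\n' > "$SAMPLE_DIR/default.conf"
printf '[Login]\nHandleLidSwitch=hibernate\n' > "$SAMPLE_DIR/hardened.conf"

lid_action_is_safe "$SAMPLE_DIR/default.conf"  || :
lid_action_is_safe "$SAMPLE_DIR/hardened.conf" || :
```

On a real system, point it at `/etc/systemd/logind.conf` and at any drop-ins under `/etc/systemd/logind.conf.d/`, which override it. Hibernation only keeps disk keys out of reach if the swap area holding the hibernation image is itself encrypted.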

  1. Why did I bother reading this? by zippo01 · · Score: 4, Informative

    If I have 5 min alone with a system it's mine. That is the most basic security concept. "It only takes 5 min" I need less than that for most systems. Sigh. I don't understand how this is news.

    1. Re:Why did I bother reading this? by AmiMoJo · · Score: 2

      We have known about this for over a decade and AMD systems are now immune.

      AMD introduced encrypted RAM last year. RAM is encrypted with a random key generated at boot time with only 1-2% performance hit. Key cannot be recovered and is regenerated on reboot. In fact VMs can all have their own keys if you like.

      Naturally cold boot attacks become useless on such systems.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Why did I bother reading this? by klingens · · Score: 3, Interesting

      Only AMD Servers, EPYC CPUs. And those are what? 1% of systems?
      Those servers are usually in datacenters or at least locked server rooms. They aren't at risk in any way here from cold boot attacks in a meaningful way.

      The article writes about notebooks. No AMD notebook CPU anywhere encrypts its RAM. All AMD notebooks are vulnerable, just like all notebooks with CPUs from other vendors.

    3. Re:Why did I bother reading this? by angel'o'sphere · · Score: 2

      It is not a cold (re)boot anyway, it is a warm boot.
      In a cold boot power is disconnected from the main board and the ram loses all its data.

      Kids in our days ...

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    4. Re:Why did I bother reading this? by AmiMoJo · · Score: 2

      Secure part of the CPU that doesn't support read-back. The register is write only.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. If they have physical access by ocsibrm · · Score: 5, Insightful

    you are already screwed by a litany of other potential vectors. That's why physical access control is so important.

    1. Re: If they have physical access by Comrade Ogilvy · · Score: 3, Funny

      Quadruple rot-13 for me. Just try to crack that!

  3. Faster attack when you have physical access by bob4u2c · · Score: 2

    Pull the hard drive, take home and decrypt at will. No known software or hardware patches have been released to fix this issue.

    1. Re:Faster attack when you have physical access by iggymanz · · Score: 4, Informative

      can't break some of the encrypted filesystems, so instead I recommend on-site penetration of the system with operator who knows the password and the $1 wrench from a dollar store. We found there is no need for the $5 wrench.

  4. Re: Physical access to PC by kelemvor4 · · Score: 5, Informative

    It involves cooling the RAM chips with some kind of refrigerant spray. So yeah, you need the computer you do this with to be right in front of you and powered on and logged into at least once by some user with a key you want.

    Full disk encryption is what this attack defeats. Full disk encryption is really ONLY useful to stop someone with physical control of the computer from accessing your data. Also, the details I read made this sound like a relatively easy attack to implement if you've prepped your work area reasonably. Consider that anyone doing this has already stolen a computer - perhaps by breaking into a home or business. Then they must have a computer with valuable enough data to bother going after it. They aren't going to be going after my PC, and probably not yours. Maybe a politician, banker, or someone with proprietary corporate secrets... say a Fortune 500 exec. For that kind of value as a target, this is a simple attack - compared to other attacks that might be used on high-value targets.

  5. Re: Physical access to PC by omnichad · · Score: 2

    So an extra-cold boot, then.

  6. Re: Physical access to PC by piojo · · Score: 3, Informative

    You haven't considered the case of "suspend", which the summary mentioned. When a laptop is suspended (and I think most are when they're not in use), encrypted disks are unlocked. And desktops are often left on when not in use. I think the GP is accurate: this attack defeats full disk encryption for most users.

    --
    A cat can't teach a dog to bark.