Almost 'All Modern Computers' Affected By Cold Boot Attack, Researchers Warn

Security researchers have discovered a flaw with nearly all modern computers that allow potential hackers to steal sensitive information from your locked devices. CNET adds: The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data on a computer's RAM, where sensitive information is briefly stored after a forced reboot. These attacks have been known since 2008, and most computers today have a safety measure where it removes the data stored on RAM to prevent hackers from stealing sensitive information. It's also not a common threat for the average person, since both access to the computer and special tools -- like a program on a USB stick -- are needed to carry out the attack. But Segerdahl and researchers from F-Secure said they've found a way to disable that safety measure and extract data using cold boot attacks. [Further reading: ZDNet] "It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," he said in a statement. Per F-Secure, there is no patch to address the new vulnerability just yet. For now, the firm recommends that you make tweaks to your system settings so that your computer automatically shuts down or hibernates instead of entering sleep mode when you close your screen.

If they have physical access

[ocsibrm]

you are already screwed by a litany of other potential vectors. That's why physical access control is so important.

Re: Physical access to PC

[kelemvor4]

It involves cooling the RAM chips with some kind of refrigerant spray. So yeah, you need the computer you do this with to be right in front of you and powered on and logged into at least once by some user with a key you want.

Full disk encryption is what this attack defeats. Full disk encryption is really ONLY useful to stop someone with physical control of the computer from accessing your data. Also, the details I read made this sound like a relatively easy attack to implement if you've prepped your work area reasonably. Consider that anyone doing this has already stolen a computer - perhaps by breaking into a home or business. Then they must have a computer with valuable enough data to bother going after it. They aren't going to be going after my pc, and probably not yours. Maybe a politician, banker, or someone with proprietary corporate secrets.. say a fortune 500 exec. For that kind of value as a target, this is a simple attack - compared to other attacks that might be used on high-value targets.