SoftActivity

Cold Boot Attacks and How to Defend Against Them

Cold boot attacks have been a tool that hackers have used to gain access to data for many years now, with the first vulnerability being discovered in 2008. Most of these old vulnerabilities have since been patched, but there is a new one that has recently been discovered and could already be used to steal corporate data.

Photo by Fancycrave on Unsplash

What cold boot attacks are

All cold boot attacks rely on exploiting vulnerabilities regarding improper shutdown procedures such as cold/hard reboots. After using a cold reboot to restart the computer, a hacker is able to steal encryption keys thanks to the data remanence of SRAM and DRAM. The data that is stored in memory is still readable for some time after performing the cold reboot, so a hacker with physical access to the computer can retrieve it.

After the discovery of cold boot attacks, many different security implementations were created to protect against them. However, it turns out that these patches have their own exploits and now a new vulnerability has been discovered by security researchers that puts most computers at risk.

The latest vulnerability

This newest cold boot attack relies on bypassing the security measures that were put in place to protect against older vulnerabilities. The original safeguard involved overwriting the computer’s memory upon booting up. However, it’s possible to overcome this security measure by physically manipulating the computer’s memory as it boots up using a tool that manipulates the RAM.

Once a hacker has bypassed the overwriting feature, they can then access all of the data stored in the computer’s memory just like older versions of the cold boot attack.

Although encryption keys are a prime target for cold boot attacks, there’s no limit to what a hacker can access once they have exploited this vulnerability. Passwords, account information, addresses, and corporate credentials are all susceptible to being stolen with this method.

Preventing cold boot attacks

Unfortunately, as this latest exploit is still rather new, it will take some time before PC vendors are able to develop a patch for it. Until then, there are a few things that you can do to make sure a hacker isn’t able to use this attack on your company’s computers.

The first step that should be taken is to educate employees on this security risk and advise them to be wary of others accessing their corporate computers and to not use sleep mode until a fix can be issued.

Currently, the best method to safeguard against this attack is to configure all company computers to either shut down completely or hibernate instead of using sleep mode as things like encryption keys are stored in RAM when a computer sleeps, but not when shut down or set to hibernate. Along with this, it’s important to implement a PIN system on every computer that employees have to enter when booting up to help keep hackers out.

While these methods of protection aren’t perfect, they should help improve security against cold boot attacks significantly and are a good workaround until a patch to fix this exploit is released.

SoftActivity Team

September 28th, 2018