Cold-Boot Attack – Steal a Password in 2 Minutes!


There are a number of ways to secure important data on your system, such as a strong login password, encrypting your files, or storing them online. Before going deeper, let’s have a look at your system. Whenever you log in, it requires you to verify that it’s really YOU with the password you set in the OS, right? That’s one of the basics of security and, of course, an essential first layer of protection for your data and privacy.

Now, think of a situation where your laptop gets stolen. It has password protection, and the system requires the password to enter, so no need to worry about that, right? Wrong! In fact, your laptop doesn’t even have to be stolen for someone to take important data like the login password. Even 2 minutes is more than enough!

Ladies and gentlemen, welcome to the reality of the cold-boot attack!

Cold-boot attack

This is a type of side-channel attack that requires physical access to the machine. It relies on how memory chips behave to extract sensitive information from the system’s RAM. The data, which may include encryption keys, can be recovered even after power loss.

The attack exploits a weakness in how computers protect the low-level software that’s responsible for all interaction with the RAM.

RAM is volatile memory that loses all its data without power, right? Not quite: if you cool the RAM down fast enough, it can hold that data for minutes! That’s what some security researchers figured out when they demonstrated how dangerous the cold-boot attack is.

Early protection against cold-boot

The “cold-boot” side-channel attack has been around for years. As it requires physical access, general users aren’t the normal target of the crooks; high-value persons are. Even so, computer manufacturers implemented a protection against it.

The “Trusted Computing Group”, a consortium formed by AMD, Intel, IBM, HP (Hewlett-Packard) and Microsoft, decided to overwrite the RAM content when the computer gets power back. This specification is widely known as MORLock (Memory Overwrite Request Control).

MORLock is DEAD!

Two security researchers, Pasi Saarinen from F-Secure and Olle Segerdahl, found a way to reprogram the non-volatile parts of the memory chips (the part containing the overwrite instructions). This let them disable the overwrite and enable booting from an external USB device to analyze the RAM data and extract information from it.

For this attack to work, the computer needs to be in sleep mode. Hibernation and shutdown securely erase the information from RAM, so the attack isn’t effective against them. In sleep mode, the computer’s state is suspended in RAM, which gives the crook something to work with.

Time is crucial

Here’s a short demo of how the attack works.

The critical timing is between powering off the machine and waking it up again. With the freezing technique, the RAM keeps its data during the process, so the hacker is able to boot into a live OS from a USB stick.

The technique can also steal any data in the computer memory including HDD encryption keys!

In the case of Windows, BitLocker is the HDD encryption tool. However, although BitLocker is a powerful solution, it still falls victim to the cold-boot side-channel attack. Here’s a demo of how the security researchers even broke BitLocker.

Protection against the attack

Defense against this attack is possible with currently available methods. Make sure that you follow them properly.

  1. Enable a BIOS password. Whenever someone wants to boot into the live OS, he has to go through the boot menu. Password-protect your boot menu so that even if your system is compromised, he won’t have the means to boot into the specially crafted live OS.
  2. Whenever your work is complete, shut down or hibernate your system. Do NOT put your computer in sleep mode.

Pretty simple, right? Another quick tip – don’t leave your laptop in a public place.
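The second step can be enforced on Windows instead of being left to habit. The following is an added example, not part of the original article: it uses the built-in `powercfg` tool from an elevated PowerShell prompt so that idle time, the lid and the buttons all lead to hibernation instead of sleep. The 15-minute hibernate timeout is an assumed value.

```powershell
#Requires -RunAsAdministrator
# Added example: make sleep (contents kept in powered RAM) unreachable
# and route every "sleep" path to hibernation instead.

# Make sure hibernation is enabled.
powercfg /hibernate on

# Idle timers: 0 = never enter standby; hibernate after 15 minutes
# instead (assumed value, adjust to your policy).
powercfg /change standby-timeout-ac 0
powercfg /change standby-timeout-dc 0
powercfg /change hibernate-timeout-ac 15
powercfg /change hibernate-timeout-dc 15

# Lid close, power button and sleep button.
# Setting values: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
foreach ($action in 'LIDACTION', 'PBUTTONACTION', 'SBUTTONACTION') {
    powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS $action 2   # on AC power
    powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS $action 2   # on battery
}

# Re-apply the current scheme so the new values take effect.
powercfg /setactive SCHEME_CURRENT

# Verify: list the sleep states the firmware offers, then read back the lid action.
powercfg /a
powercfg /query SCHEME_CURRENT SUB_BUTTONS LIDACTION
```

The final query should report an AC and DC setting index of `0x00000002` for the lid action.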

Stay secure and enjoy!
