An updated version of the Cold Boot Attack allows hackers to bypass security mechanisms and access data that remain in memory after a machine shuts down. Modern machines from Apple, Dell, Lenovo and other major technology companies are affected by this new threat.
Known since 2008, the Cold Boot Attack is not new. Attackers with physical access to a machine are able to steal the device’s encryption keys, which briefly remain in memory after a hard reboot. Most devices now protect against Cold Boot Attacks, but a recent discovery has left online users unsettled.
Olle Segerdahl, the principal security researcher at F-Secure, and fellow security consultant Pasi Saarinen found that this protection can be broken if the firmware is manipulated. The pair found a way to bypass the protection mechanism and exploit a weakness in the computer’s firmware to steal encryption keys and other data in a successful Cold Boot Attack.
Several types of data could potentially be at risk, such as hard drive encryption keys stored in memory, passwords, network credentials and any information on the machine that its user can access.
The amount of time an attacker has to perform the operation depends on the machine they’re attempting to hack. If an attacker finds a machine in sleep mode, then the attacker has unlimited time. If no password is required to boot the machine, they can try multiple times to gain access.
F-Secure has informed Apple, Microsoft, and Intel of its findings. They are adamant that this technique requires physical access and that it is imperative to use a device with a discrete Trusted Platform Module (TPM). The TPM will disable the sleep/hibernation mode on your devices and protect them from attacks like this.