New cold boot attack allows attackers to steal encryption keys

A new Cold Boot Attack version lets attackers steal valuable data

Attackers can steal various sensitive information, encryption keys, and passwords by using the new cold boot attack variant.

IT experts discovered a new variant of the Cold Boot Attack[1] that lets attackers steal passwords, sensitive information, and even encryption keys from a computer[2]. The method is considered to work on almost every modern machine you can find, even if the disk space has reached its limit.

Cold boot attacks, which have been around for ten years, are a way for attackers to steal important information that remains in RAM after the computer is shut down. The Trusted Computing Group (TCG), a group that consists of engineers from IBM, Hewlett-Packard, Intel, Microsoft, and AMD, implemented a safeguard that overwrites RAM as soon as a computer is turned back on. The technique is known as Reset Attack Mitigation or MORLock.[3]

Cold boot attacks are used to obtain encryption keys

MORLock was thought to be effective for a while; however, researchers from F-Secure discovered a way to manipulate the safeguard, which allows hackers to recover sensitive details from the computer after a cold reboot, in a matter of a few minutes. If the attacker manages to break through, a great deal of important information is at risk of exposure:[4]

Cold boot attacks are a known method of obtaining encryption keys from devices. But the reality is that attackers can get their hands on all kinds of information using these attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk.

IT experts explained that the attack involves rewriting the memory chip, disabling the safeguard, and enabling booting from external devices. Moreover, the traditional and new cold boot attacks have one thing in common: both of them need physical access to reach their target.
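The safeguard described above is exposed to the operating system as two UEFI variables, so a defender can audit the state the firmware reports. The following Python script is an added example, not code from the article or from F-Secure. It assumes a Linux host with efivarfs mounted at /sys/firmware/efi/efivars; the variable names and GUIDs are those of the TCG reset attack mitigation specification, and the sample byte strings are constructed.

```python
import struct
from pathlib import Path

# Assumption: Linux efivarfs mount point. Names/GUIDs follow the TCG specification.
EFIVARS = Path("/sys/firmware/efi/efivars")
MOR = "MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829"
MOR_LOCK = "MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292"
LOCK_STATES = {0: "unlocked", 1: "locked", 2: "locked with key"}

# Constructed samples: attribute word 0x00000007 followed by one data byte.
SAMPLE_MOR_SET = bytes.fromhex("0700000001")
SAMPLE_LOCKED = bytes.fromhex("0700000001")

def parse_efivar(raw):
    """Split an efivarfs file into (attributes, data): 4-byte LE word, then data."""
    if len(raw) < 5:
        raise ValueError("expected 4 attribute bytes plus at least 1 data byte")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]

def assess(mor_raw, lock_raw):
    """Return (overwrite_requested, lock_state, findings) from raw variable bytes."""
    findings, requested, lock_state = [], False, "absent"
    if mor_raw is None:
        findings.append("MOR variable absent: firmware exposes no overwrite request")
    else:
        _, data = parse_efivar(mor_raw)
        requested = bool(data[0] & 0x01)  # bit 0: wipe memory on next boot
        if not requested:
            findings.append("MOR bit clear: RAM will not be wiped on next boot")
    if lock_raw is None:
        findings.append("MORLock absent: the MOR bit can be changed at runtime")
    else:
        _, data = parse_efivar(lock_raw)
        lock_state = LOCK_STATES.get(data[0], f"unknown (0x{data[0]:02x})")
        if data[0] == 0:
            findings.append("MORLock unlocked: the MOR bit can be changed at runtime")
    return requested, lock_state, findings

def read_var(name, root=EFIVARS):
    """Read a variable's raw bytes, or None when the firmware does not expose it."""
    path = root / name
    return path.read_bytes() if path.exists() else None

if __name__ == "__main__":
    req, lock, issues = assess(read_var(MOR), read_var(MOR_LOCK))
    print(f"overwrite requested: {req}, lock: {lock}")
    for issue in issues:
        print("finding:", issue)
```

A clean result only reflects what the firmware reports at that moment; it does not show that the settings are safe from someone with physical access to the machine.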

Apple's T2 Chip helps to avoid dangerous attacks

Apple claimed that Mac devices have an Apple T2 Chip[5], which is a precautionary measure against such dangerous attacks. However, it seems that not all Mac computers have this chip. For machines that do not have it, Apple recommended that users set a firmware password to increase the security level.

However, IT researchers from F-Secure claim that it is also up to computer manufacturers to strengthen their security so that it prevents cold boot attacks. Sadly, this is not an easy goal to achieve, and it might take some time:

"When you think about all the different computers from all the different companies and combine that with the challenges of convincing people to update, it’s a really difficult problem to solve easily. It will take the kind of coordinated industry response that doesn’t happen overnight," explains Olle from F-Secure.

About the author
Lucia Danes - Security researcher

Lucia Danes is the news editor at UGetFix. She is always on the move because her eagerness for knowledge makes her travel around the globe and attend InfoSec events and conferences.
