Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security IT Technology

Almost 'All Modern Computers' Affected By Cold Boot Attack, Researchers Warn (cnet.com) 79

Security researchers have discovered a flaw with nearly all modern computers that allow potential hackers to steal sensitive information from your locked devices. CNET adds: The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data on a computer's RAM, where sensitive information is briefly stored after a forced reboot. These attacks have been known since 2008, and most computers today have a safety measure where it removes the data stored on RAM to prevent hackers from stealing sensitive information. It's also not a common threat for the average person, since both access to the computer and special tools -- like a program on a USB stick -- are needed to carry out the attack. But Segerdahl and researchers from F-Secure said they've found a way to disable that safety measure and extract data using cold boot attacks. [Further reading: ZDNet] "It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," he said in a statement. Per F-Secure, there is no patch to address the new vulnerability just yet. For now, the firm recommends that you make tweaks to your system settings so that your computer automatically shuts down or hibernates instead of entering sleep mode when you close your screen.
This discussion has been archived. No new comments can be posted.

Almost 'All Modern Computers' Affected By Cold Boot Attack, Researchers Warn

Comments Filter:
  • by zippo01 ( 688802 ) on Thursday September 13, 2018 @03:59PM (#57309410)
    If I have 5 min alone with system its mine. That is security the most basic security concept. "It only takes 5 min" I need less then that for most systems. Sigh. I dont understand how this is news.
    • by AmiMoJo ( 196126 )

      We have known about this for over a decade and AMD systems are now immune.

      AMD introduced encrypted RAM last year. RAM is encrypted with a random key generated at boot time with only 1-2% performance hit. Key cannot be recovered and is regenerated on reboot. In fact VMs can all have their own keys of you like.

      Naturally cold boot attacks become useless on such systems.

      • Re: (Score:3, Interesting)

        by klingens ( 147173 )

        Only AMD Servers, EPYC CPUs. And those are what? 1% of systems?
        Those servers are usually in datacenters or at least locked server rooms. They aren't at risk in any way here from cold boot attacks in a meaningful way.

        The article writes about notebooks. No AMD notebook CPU anywhere encrypts its RAM. All AMD notebooks are vulnerable, just like all notebooks with CPUs from other vendors.

      • where is that key stored in a running system?

      • It is not a cold (re)boot anyway, it is ansarm boot.
        In a cold boot power is disconnected from the main board and the ram loses all its data.

        Kids in our days ...

      • I found VM part has been recently cracked though with technique called SEVered by researchers at Fraunhofer AISEC

    • by gweihir ( 88907 )

      Yeah, that is what basically every competent IT security person says and has been saying for years. This is just some people trying to grab attention.

    • If I have 5 min alone with system its mine.

      This is why you bothered reading it. If you know how to defeat a full disk encryption of a locked but powered on computer to extract data in 5 minutes then chances are you learnt that by reading about attacks requiring physical access for 5 minutes.

    • Because with a locked disk-encrypted system, that's no longer true without this attack. Hasn't been for a long time.

    • How will you defeat hard disk encryption?

  • by ocsibrm ( 3588573 ) on Thursday September 13, 2018 @03:59PM (#57309412)
    you are already screwed by a litany of other potential vectors. That's why physical access control is so important.
  • by bob4u2c ( 73467 ) on Thursday September 13, 2018 @04:25PM (#57309592)
    Pull the hard drive, take home and decrypt at will. No known software or hardware patches have been released to fix this issue.
    • by iggymanz ( 596061 ) on Thursday September 13, 2018 @04:41PM (#57309696)

      can't break some of the encrypted filesystems, so instead I recommend on-site penetration of the system with operator who knows the password and the $1 wrench from a dollar store. We found there is no need for the $5 wrench.

      • by bob4u2c ( 73467 )
        Most on-site systems (ie desktops) don't have encrypted hard drives. In companies that do encrypt the drive they almost always have physical restrictions in place. Even an encrypted hard drive can be cracked, it just takes time. And if I have the drive I can take as long as I want, hours, days, months, years, it just depends on what I think is on it and how much time I'm willing to invest. Now laptops are a different story, but if the IT team really cared about the data then you load the laptop to use a
        • Even an encrypted hard drive can be cracked, it just takes time. And if I have the drive I can take as long as I want, hours, days, months, years, it just depends on what I think is on it and how much time I'm willing to invest.

          All the computers in the world can't crack AES-128 in your lifetime.

    • by Calydor ( 739835 )

      Not very stealthy, though.

    • by mark-t ( 151149 )
      Locking the case closed comes to mind as one preventative measure.
    • Is it really that easy to decrypt a hard drive?
      • No. He has no clue what he's talking about. Sure, if your password is "qwerty123" I can decrypt your drive in a reasonable amount of time. If you have a decent password, though, it's going to take long enough that we will both be dead and buried well before my successors manage to unearth your porn stash.

    • Pull the hard drive, take home and decrypt at will

      If you have the encryption key to the drive I assume you probably have all the other login details as well.

  • ... When doused in petrol and lit on fire, all computers BURN. Thanks captain fucking obvious.
  • There is really almost no info here, so not much of an article. I suppose it is implying that you can do this attack when someone walks away, and when they return they are none the wiser. Or at worst think their laptop rebooted for some reason.
    • Or at worst think their laptop rebooted for some reason.

      And if it's Windows 10, there will be no suspicion at all.

  • There really is no way to protect yourself if you let someone have 5 minutes alone with your system especially while it's still on.

Whoever dies with the most toys wins.

Working...