F-Secure Says Almost All Computers Are Vulnerable to New Cold Boot Attack

Look at that laptop over there, lid closed and sleeping soundly. It looks safe and secure, doesn’t it? Well, there’s a good chance that it’s vulnerable to a cold boot attack that could compromise your data. According to security firm F-Secure, almost every computer is vulnerable to this type of attack.

At the heart of this attack is the way computers manage RAM via firmware. Cold boot attacks aren’t new — the first ones came along in 2008. Back then, security researchers realized you could hard reboot a machine and siphon off a bit of data from the RAM. This could include sensitive information like encryption keys and personal documents that were open before the device rebooted. In the last few years, computers have been hardened against this kind of attack by ensuring RAM is cleared faster. For example, restoring power to a powered-down machine will erase the contents of RAM.

The new attack can get around the cold boot safeguards because the target machine is not off; it’s just asleep. F-Secure’s Olle Segerdahl and Pasi Saarinen found a way to rewrite the non-volatile memory chip that contains the security settings, thus disabling memory overwriting. After that, the attacker can boot from an external device to read the contents of the system’s RAM from before the device went to sleep.

You can see the process in the video below. It’s obviously quite involved, but an experienced attacker could get it done in a matter of minutes. F-Secure’s description of the attack seems intentionally vague on how exactly you modify the firmware security, but we are assured it’s “simple.” Perhaps the one saving grace here is that someone needs to have physical access to your computer and enough time to take it apart in order to steal any data. Some computers aren’t very easy to disassemble these days, either.

F-Secure says there’s no easy fix for PC vendors, because there will always be ways to pull data out of RAM with the right methods. However, end users and businesses can change their practices to limit the impact of cold boot attacks. Using firmware passwords can harden computers, and just closing the lid on a laptop is a risk. Rather than letting computers go to sleep, F-Secure recommends using hibernation. Hibernation will clear encryption keys from RAM, but other files could still be at risk. Shutting your computer all the way off is still the best defense.
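The sleep-versus-hibernate advice above can be checked on a fleet. This is an added example, not from F-Secure or the article: it assumes Linux laptops managed by systemd-logind (a platform the article does not name) and reports which lid, key and idle settings still suspend to RAM. The sample configurations are constructed, and drop-in files are assumed to be merged into one text first.

```python
import configparser

# Actions that keep RAM powered, so memory contents from before sleep survive.
RAM_RESIDENT = {"suspend", "hybrid-sleep", "suspend-then-hibernate"}

# Built-in logind behaviour when a key is absent. None means "inherit
# HandleLidSwitch", which is how an unset HandleLidSwitchExternalPower behaves.
DEFAULTS = {
    "HandleLidSwitch": "suspend",
    "HandleLidSwitchExternalPower": None,
    "HandleSuspendKey": "suspend",
    "IdleAction": "ignore",
}


def audit_logind(conf_text):
    """Return {setting: action} for every setting that sleeps with RAM powered."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # logind keys are case-sensitive, keep them as written
    parser.read_string(conf_text)
    login = dict(parser["Login"]) if parser.has_section("Login") else {}

    effective = {key: login.get(key, default) for key, default in DEFAULTS.items()}
    if effective["HandleLidSwitchExternalPower"] is None:
        effective["HandleLidSwitchExternalPower"] = effective["HandleLidSwitch"]
    return {k: v for k, v in effective.items() if v in RAM_RESIDENT}


# Constructed sample: stock file, every key commented out (defaults apply).
STOCK = "[Login]\n#HandleLidSwitch=suspend\n#IdleAction=ignore\n"

# Constructed sample: lid close and suspend key both hibernate.
HARDENED = "[Login]\nHandleLidSwitch=hibernate\nHandleSuspendKey=hibernate\n"

# Constructed sample: hibernates on battery but still suspends on AC and when idle.
MIXED = (
    "[Login]\n"
    "HandleLidSwitch=hibernate\n"
    "HandleLidSwitchExternalPower=suspend\n"
    "HandleSuspendKey=hibernate\n"
    "IdleAction=hybrid-sleep\n"
)

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED), ("mixed", MIXED)):
        print(name, audit_logind(text) or "no suspend-to-RAM actions")
```

An empty result only means the configured triggers hibernate; a user can still request suspend manually, and the article's point that full shutdown is the strongest defense stands.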
