New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

September 14, 2018 Published in: News Author: Vedran Bozicevic

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption.

The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers steal information that briefly remains in the memory (RAM) after the computer is shut down.

However, to make the cold boot attacks less effective, most modern computers come bundled with a safeguard, created by the Trusted Computing Group (TCG), that overwrites the contents of the RAM when the power on the device is restored, preventing the data from being read.

Now, researchers from Finnish cyber-security firm F-Secure figured out a new way to disable this overwrite security measure by physically manipulating the computer’s firmware, potentially allowing attackers to recover sensitive data stored on the computer after a cold reboot in a matter of few minutes.

Like the traditional cold boot attack, the new attack also requires physical access to the target device as well as right tools to recover remaining data in the computer’s memory.

According to Olle and his colleague Pasi Saarinen, their new attack technique is believed to be effective against nearly all modern computers and even Apple Macs and can’t be patched easily and quickly.

Read more: The Hacker News

Vedran Bozicevic

I am a digital marketer with several years of experience with various types of online marketing technologies and channels. Before joining GlobalDots, my experience included working as a content marketing manager for a software development company, and several others marketing positions where I worked on digital marketing strategies and channels.

Our Story

 

GlobalDots helps companies to evaluate, purchase, and integrate cloud services by acting as a neutral consultancy layer between vendors and customers with a keen focus on optimizing performance, workflows, and costs.

We're in the unique position to orchestrate full-stack, multi-vendor architectures such as multi-CDN, CDN+WAF+AWS, CDN+Mobile App optimization, dual-DNS, and other interesting setups.

Increase speed, availability and reliability of your website by learning from the experts in our FREE email course.

Learn everything you need to know about Bad Bot threats by downloading your FREE copy of Bad Bot Report 2018.

Find out the most important tips&tricks before selecting your next CDN provider in this FREE guide.

Find out all the specifics about web threats by downloading our FREE Field Guide to Modern Web Security.