Recent reports have shown that a decade-old hacking technique, the cold boot attack, is back. There are some notable differences between the attack as it was first discovered and today's version. What is a cold boot attack, and are there preventative measures you can take to protect yourself?
What is a Cold Boot Attack?
In 2008, the Princeton group discovered that data stored in a computer's random access memory persists for a period after the computer loses power. As such, the "cold boot" attack is when a hacker takes advantage of an improper shutdown of a computer.
A cold boot can happen when someone pulls the plug on a computer and then restarts it. During this short period after power is lost, any information in the random access memory is there for the taking. This is when a hacker uses a tool like an infected USB drive to quickly grab data that was stored in the computer’s memory before the power outage.
Hackers can also extend the period during which the memory retains data by cooling it, using tactics like spraying the memory with an upside-down can of liquid air, which releases cold liquid rather than gas.
A cold boot attack can happen on almost any computer.
The Resurgence of Cold Boot Attacks
Recently, security researchers from F-Secure discovered a weakness in how computers protect firmware. They also learned that this weakness can be exploited using a variation of a cold boot attack.
Essentially, the latest version of the cold boot attack can disable security measures through a computer’s firmware, and allow an attacker to recover sensitive data stored on that computer. A differentiating component of the latest iteration is that an attacker can compromise a laptop that is in sleep mode, potentially lifting sensitive passwords, encryption keys, and other information.
For more technical details, watch the YouTube video from the researchers who discovered the vulnerability.
How to Protect Yourself from Cold Boot Attacks?
Luckily, an attack of this kind is a rather involved process, which makes it more challenging to execute. Additionally, cold boot attacks aren't too difficult to defend against.
Quick tips for defending against a cold boot attack:
- One of the most straightforward defenses is to trade sleep mode for hibernation. Hibernation does not leave the same digital traces in memory that sleep does, which neutralizes the attack.
- Make sure your device is as protected as possible with the latest (and best) iterations of antivirus.
- Setting up a strong pre-boot password on your computer adds yet another layer of protection. The more complex the password, the better.