Cold boot, an attack technique 10 years ago can crack the encryption of most PCs today

Hard drive encryption is one of the most important things to secure data on your computer. But an attack technique that has a decade-long life and works on most computers that are currently cold boot can find those security keys, allowing hackers to decrypt your data. That's a recent discovery by researchers at security company F-Secure.

Researchers have discovered an attack that utilizes a cold boot method to decrypt a user's encrypted data. When using this attack technique, the hacker will unplug the power to shutdown, then restart. A malicious USB stick will be plugged in to quickly collect data stored on the device memory before the device is completely depleted.

Cold boot, an attack technique 10 years ago can crack the encryption of most PCs today Picture 1

10 years ago, chip makers and computer operating systems offered many solutions to combat cold boot attacks. But according to F-Secure researchers, cold boot has somehow "revived".

On modern computers, performing a cold boot attack may be more difficult than 10 years ago, but if used, this is still an effective way to decode machines. count. Security consultants said they tried to use this attack technique on many different computers, resulting in high efficiency and high success. Although a bit complicated, but with the knowledge of a hacker, this is entirely within their ability.

Olle Segerdahl, a security consultant at F-Secure, said that to extract secrets from memory on a lost computer, this attack technique would be a great choice.

Segerdahl stressed that this attack method could be used to penetrate the entire network of corporations and organizations managing a large number of computers from a lost or stolen laptop.

Today's computers are equipped with industry-standard cold boot protection, which works by conducting a simple test between the operating system and the computer's firmware. When there is confidential data stored in the device memory, the operating system will mark or flag the signal. When the computer starts the firmware of the machine, it will check the flag. When you turn off your computer in the usual way, the data with the flag will be removed by the operating system. If the computer is turned off in an unusual way, the flag will still be in the boot process, the firmware will detect the responsibility to remove the memory before anything can happen.

Cold boot, an attack technique 10 years ago can crack the encryption of most PCs today Picture 2

Based on the above task assignment method, F-Secure researchers found a way to bypass the cold boot protection mechanism. They designed a program that can connect to the firmware chip and control flagging, a relatively simple microcontroller circuit. After opening the computer case, they connect directly to the chip used to run the firmware and flag it to interact with it and delete the flag. Then, the computer will think that it is turned off normally and because the flag is no longer available, the operating system has been deleted from memory but the fact is that the data is still there. After that, the attacker can continue to perform the standard cold boot attack technique.

How to prevent Cold Boot attack techniques

Organizations should carefully monitor all their devices so that if one of them is lost or stolen, it can revoke Wi-Fi certificates, VP authentication information and other forms of authentication. Allows devices to access the entire network before being intervened.

Instead of just going to sleep mode, set the computer to turn off automatically when they are idle. Then request an additional PIN when the computer is turned on, before the operating system actually starts using a disk encryption tool - such as Microsoft BitLocker. Meanwhile, computer memory will have nothing to be stolen.

If you have to go out and worry about your computer being interfered, you can choose the physical interaction monitoring tools with the device to receive notifications when there are access acts. device physically. You can refer to the Haven mobile app and the Mac App Do Not Disturb in the articles below.

1. Turn your phone into a watch like a Hollywood movie thanks to the application of the former CIA agent
2. Trick to enable Do Not Disturb feature on Mac

Segerdahl said that the researchers have yet to find a quick way to fix this big problem and they announced their findings to Microsoft, Apple and Intel.

To solve this problem, Microsoft has released an update to use BitLocker.

1. How to use Bitlocker to encrypt data on Windows 10 (Part 1)
2. How to use Bitlocker to encrypt data on Windows 10 (The last part)
3. Instructions for encrypting USB or memory cards with Bitlocker on Windows 10
4. How to use BitLocker to encrypt data on Windows 8

Apple developed the T2 chip on the new iMac and successfully defeated this cold boot regeneration technique. For Macs without a T2 chip, Apple is looking for other ways to protect it.

Cold boot, an attack technique 10 years ago can crack the encryption of most PCs today Picture 3

Meanwhile, Intel declined to comment on the issue.

Kenn White, director of the Open Crypto Audit Project, who did not participate in the study, said that it is necessary to update the hardware to defeat a cold boot attack. And the risk of data theft through cold boot technology will continue to exist on most computers for years to come.

See more:

1. What is the method of attacking APT network?
2. If you don't want to be a victim of Ransomware, read this article
3. Summary of popular network attacks today