Researchers have revealed that hackers can steal encryption keys, credentials to corporate networks and passwords as long as they have physical access to modern computers, through ‘cold boot’ attacks.
An early variation of a cold boot attack was discovered back in 2018 when it was disclosed that information could be stolen from the RAM even after a computer has lost its power. Data will remain for minutes, even hours, in the physical memory as long as they remain at low temperatures. At this stage, RAMs are vulnerable to hackers who could physically access the system to recover cryptographic keys held in the memory.
“Sleep mode is vulnerable mode,” F-Secure Principal Security Consultant Olle Segerdahl says.
The primary function of cold boot attacks? To obtain encryption keys rom the user’s device by booting from an external USB stick to grab data from the RAM. It also enables the attacker to perform other actions like stealing passwords and other crucial information.
With the use of relevant tools, it can be effective against nearly all modern laptops, according to researchers.
“It’s not exactly easy to do, but it’s not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out,” Olle from F-secure added. “It’s not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use.”
Further, the researcher believes there isn’t any easy fix on offer to PC vendors, leaving the burden on end users and companies.
Image credit: Pexels.