Most Modern Computers Vulnerable to Cross-Platform Cold Boot Attack

In a presentation during the SEC-T security/hacking conference taking place in Stockholm, Sweden, F-Secure researchers Olle Segerdahl and Pasi Saarinen detailed how attackers can use a firmware exploit to disable security measures put in place by vendors and extract any encrypted data left in the RAM modules.

Cold boot attacks are security attacks through which malicious parties with physical access and to a computer can steal encryption keys from DRAM and SRAM memory modules after resetting or rebooting the machine.

The stolen encryption keys are then used to mount protected volumes from the hard drive and allow for sensitive data being extracted.

In this specific case, the ice-cold boot attack vector makes it possible to descramble the data encrypted with the help of either BitLocker or FileVault and to recover encryption keys from RAM after the attacker gets physical access to the targeted ... (read more)

No comments:

Post a Comment