What is Cold Boot Attack? All You Need To Know.

A cold boot attack is yet another method used to steal data from computer devices. What is unique about it is that the attacker must gain direct access to the computer hardware, or to the whole computer. This article talks about what a cold boot attack is, everything you need to know about it, and how to stay safe from such malicious techniques.



What is Cold Boot Attack?

In a Cold Boot Attack, also called a Platform Reset Attack, the attacker first gains physical access to your computer and then performs a cold reboot (a hard restart) of the machine in order to retrieve encryption keys from the running Windows operating system. That is the whole logic behind the attack.


We were all taught in school that RAM (Random Access Memory) is volatile memory and cannot hold data once the computer is switched off. What the teacher or lecturer should have added is that RAM cannot hold data for long once the computer is switched off. In practice the RAM still retains its contents for a few seconds, or even a few minutes, before the data gradually fades away once the electricity supply is cut. So for that very short window, anyone with the proper tools and skills can read the contents of the RAM and copy them to permanent storage, inside or outside the computer, by booting a different lightweight operating system such as Linux from a USB stick or SD card. This is what we call a cold boot attack.


So imagine a computer left unattended in an office for a few minutes. An attacker only has to get his tools ready and switch the computer off. As the RAM loses power its contents fade slowly, and in that window the attacker quickly plugs in a bootable USB stick and boots from it. The attacker can then copy whatever contents he or she wants onto the same USB stick.


Since the attack relies on turning the computer off and then using the power switch to start it again, it is called a cold boot attack. You have no doubt heard about cold boot and warm boot in your early computing lessons; in case you have forgotten:
  • Cold boot: starting a computer using the power switch.
  • Warm boot: restarting a computer using the restart option in the shutdown menu.

Freezing of the RAM (Random Access Memory)

This is another trick in the attacker's toolkit. The attacker sprays a cooling agent, for example liquid nitrogen, onto the RAM modules on the motherboard so that they freeze almost immediately. It is not rocket science: the lower the temperature of the RAM, the longer it holds the data it contains. Using this technique, the attacker can complete a cold boot attack and copy the maximum amount of data from the computer under attack. To speed up the process, the attacker uses autorun scripts on the lightweight operating system (such as the Linux system on a USB stick or SD card mentioned earlier) that is booted straight after the target computer is shut down.

Basic Steps in a Cold Boot Attack.

Not every attacker follows exactly the steps given below, but the most common ones are:
  • Change the BIOS settings so that the computer boots from a USB or external drive first.
  • Insert a bootable USB stick or SD card into the computer to be attacked.
  • Turn the computer off forcibly, so that the processor gets no time to dismount the disks or clear encryption keys and other important data from memory. A proper shutdown may also work, but is less likely to succeed than a forced shutdown using the power key or other methods.
  • As soon as possible, press the power switch to initiate a cold boot. Because the BIOS settings were changed, the operating system on the USB stick loads immediately.
  • While that operating system loads, its autorun processes begin extracting the data still held in RAM.
  • After checking the destination storage (where the stolen data is written), turn the computer off again, remove the USB stick, smile and walk away.

What information is at risk in Cold Boot Attacks?

The information most commonly at risk is disk encryption keys and passwords. Normally the aim of a cold boot attack is to retrieve disk encryption keys without authorization. In a proper shutdown, the last things to happen are dismounting the disks and discarding the encryption keys that protect them, so if a computer is turned off abruptly those keys may still be available in memory to the attacker.

Securing yourself from Cold Boot Attack

Stay close to your computer until at least 5 minutes after it is shut down, and shut down properly through the shutdown menu rather than pulling the power cable or using the power button. Beyond that, you need not worry too much about the cold boot technique yourself, because it is a hardware attack rather than a software-based one; it is the Original Equipment Manufacturers (OEMs) who should take the initiative to clear all data from RAM as soon as possible after a computer is powered off, to protect you from the attack. Some computers nowadays do overwrite the RAM before shutting down completely, but the possibility of a forced shutdown is always there. BitLocker's approach is to require a PIN before the encryption key is released into RAM: even if the computer has been hibernated, when the user wakes it and tries to access anything, he or she must first enter the PIN. This method is not fool-proof either, as attackers can obtain the PIN through phishing or social engineering.
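Whether a Windows machine actually has the BitLocker PIN protection described above can be checked from the machine itself. The following PowerShell audit is an added example, not part of the original article; it assumes an elevated session with the BitLocker cmdlets available, and reports which volumes rely on the TPM alone (so the key is released into RAM at boot without a PIN) and whether hibernation is enabled.

```powershell
# Added example (not from the original article): audit a Windows machine for
# cold boot exposure. Assumes an elevated PowerShell session with the BitLocker
# cmdlets available (Windows 8 / Server 2012 and later).
#Requires -RunAsAdministrator

function Get-ColdBootExposure {
    $report = @()
    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values of interest: Tpm, TpmPin, TpmPinStartupKey,
        # RecoveryPassword, Password. A PIN-based protector means the TPM does
        # not release the volume key until the user types the PIN at pre-boot.
        $types   = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $hasPin  = ($types -match '^TpmPin').Count -gt 0
        $tpmOnly = ($types -contains 'Tpm') -and -not $hasPin

        $risk = if ($vol.ProtectionStatus -ne 'On') {
                    'Not protected: volume is unencrypted or protection is suspended'
                } elseif ($tpmOnly) {
                    'TPM-only: key is loaded into RAM at boot without a PIN'
                } else {
                    'OK: pre-boot authentication required'
                }

        $report += [pscustomobject]@{
            Volume     = $vol.MountPoint
            Status     = $vol.ProtectionStatus
            Protectors = ($types -join ', ')
            Risk       = $risk
        }
    }
    return $report
}

function Test-HibernationEnabled {
    # HibernateEnabled is the registry value behind 'powercfg /h on|off'.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $val = (Get-ItemProperty -Path $key -Name HibernateEnabled -ErrorAction SilentlyContinue).HibernateEnabled
    return ($val -eq 1)
}

Get-ColdBootExposure | Format-Table -AutoSize
if (Test-HibernationEnabled) {
    Write-Host 'Hibernation is enabled: a hibernated machine is only safe if a pre-boot PIN is required.'
}

# Remediation pointer: add a PIN protector with
#   manage-bde -protectors -add C: -TPMAndPIN
# (requires the 'Require additional authentication at startup' Group Policy).
```

A volume reported as TPM-only is the case the article warns about: the disk key lands in RAM during boot with no user interaction, so a forced power-off followed by a fast reboot is exactly what the PIN is meant to prevent.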

Summary

This post on What is Cold Boot Attack? All You Need To Know explains what a cold boot attack is and how it works. There are, however, restrictions that mean 100% protection against a cold boot attack cannot be offered. But as far as I know, security companies are working to find a better fix than simply overwriting RAM or using a PIN to protect its contents.

