What you need to know about the newest Cold Boot exploit


Cold boot attacks

Kim Crawley

The cybersecurity industry is all abuzz over a recently discovered and very scary exploit, a new and devastating Cold Boot vulnerability. Cold Boot attacks occur when sensitive data remains in a computer’s RAM and can be copied by a cyber attacker because the machine wasn’t shut down properly, for example after an ACPI cold boot or a hard power-off. Now a new Cold Boot exploit has been found, and people are understandably concerned. There’s good news and bad news about it.

Don’t you want to read the good news first? Here it is. Cold Boot attacks have been largely prevented through security hardening since their initial discovery in 2008. Most PCs that OEMs have produced since then are careful to remove data from RAM during the shutdown process. And in order for a cyber attacker to exploit this recently discovered Cold Boot vulnerability, they need physical access to the target machine and about five minutes to perform the attack. So this attack cannot be conducted over the internet and the cyber attacker can’t do it instantaneously. There’s a bit of a time window to catch them in the process.

Now’s the time for me to be a Debbie Downer. Here’s the bad news. This newly discovered vulnerability affects the majority of PCs, including those produced after 2008 and even models produced this year. Most modern laptops are vulnerable, including models from Lenovo, Dell, and even Apple. Laptops from HP, Toshiba, Sony, and many other popular OEMs are probably affected too. The only recent MacBooks and iMacs that are safe from the recently discovered exploit are those with a T2 chip. According to Apple, iMac Pros and MacBook Pros from 2018 have the T2 chip. If your Mac model doesn’t have “Pro” in its name, or if it does but predates 2018, it’s probably still vulnerable to Cold Boot attacks.

The data that a cyber attacker can acquire from the RAM of an affected Windows PC or Mac could contain very sensitive information, such as authentication data and cryptographic keys, even if you encrypt your hard drive through your operating system. A cyber attacker can use that sort of data to help establish administrative access to your computer, and possibly to your local network as well. There are many possibilities for destruction if that sort of data falls into the wrong hands.

A cyber attacker with physical access to your machine can acquire the data if you put the machine into sleep mode. Only a total shutdown or hibernate may be safe: the security hardening performed since 2008 only works reliably if a total shutdown or hibernate is performed. That’s the big, scary news in a nutshell.

Security consultant Olle Segerdahl said:

“It’s not exactly easy to do, but it’s not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out. It’s not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use.”

Security hardening against this exploit is going to be really tricky, a major uphill battle. There’s no patch so far. Segerdahl added:

“When you think about all the different computers from all the different companies and combine that with the challenges of convincing people to update, it’s a really difficult problem to solve easily. It will take the kind of coordinated industry response that doesn’t happen overnight. In the meantime, companies will need to manage on their own.”

Until a patch can be deployed, security researchers recommend that all affected PCs be put into hibernate or shut down when unattended by the user. Windows users should be required to enter their BitLocker PIN when they boot or restart their PCs. Microsoft has a page with a list of BitLocker countermeasures that can be deployed to make Windows PCs a little more secure.
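As an added example that is not part of the original post, the PowerShell audit below checks whether a Windows PC actually applies the two recommendations above: a BitLocker TPM+PIN protector on the OS volume (so the volume key is not unsealed into RAM before anyone types a credential) and power settings that prefer hibernate over sleep. It assumes an elevated prompt, the built-in BitLocker module, and that the OS volume is C:.

```powershell
#Requires -RunAsAdministrator
param([string]$OsDrive = 'C:')   # assumption: the OS volume is C:

$findings = New-Object System.Collections.Generic.List[string]

# 1. BitLocker on the OS volume should use a TPM+PIN protector. With a TPM-only
#    protector the volume key is unsealed automatically at boot, so it is
#    already in RAM before any user has authenticated.
$vol = Get-BitLockerVolume -MountPoint $OsDrive
if ($vol.ProtectionStatus -ne 'On') {
    $findings.Add("BitLocker protection is not On for $OsDrive")
}
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
$pinTypes = @('TpmPin', 'TpmPinStartupKey')
if (-not ($types | Where-Object { $pinTypes -contains $_ })) {
    $findings.Add("No TPM+PIN protector on $OsDrive (found: $($types -join ', ')). " +
                  "Fix: Add-BitLockerKeyProtector -MountPoint $OsDrive -TpmAndPinProtector -Pin <SecureString>")
}

# 2. Hibernate must be enabled so users can hibernate instead of sleeping.
$power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
if ($power.HibernateEnabled -ne 1) {
    $findings.Add('Hibernate is disabled. Fix: powercfg /hibernate on')
}

# 3. The active power plan should never drop the machine into sleep on its own:
#    a standby timeout of 0 means "never". powercfg reports current values in hex.
$out = powercfg /query SCHEME_CURRENT SUB_SLEEP STANDBYIDLE | Out-String
foreach ($src in 'AC', 'DC') {
    if ($out -match "Current $src Power Setting Index:\s+0x([0-9A-Fa-f]+)") {
        $seconds = [Convert]::ToInt32($Matches[1], 16)
        if ($seconds -ne 0) {
            $flag = if ($src -eq 'AC') { 'standby-timeout-ac' } else { 'standby-timeout-dc' }
            $findings.Add("Automatic sleep after $seconds s on $src power. Fix: powercfg /change $flag 0")
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'PASS: TPM+PIN pre-boot authentication, hibernate enabled, automatic sleep disabled.'
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
}
```

The script only reports; each FAIL line names the command that applies the corresponding fix, and an administrator should also lock down sleep through Group Policy so users cannot re-enable it.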

Olle Segerdahl presented these worrisome findings during a Swedish conference on September 13th. More information may be presented at Microsoft’s security conference on September 27th.

The post What you need to know about the newest Cold Boot exploit appeared first on Comodo News and Internet Security Information.
