While you use a computer, all the information being handled is temporarily written to RAM: texts, saved files, but also passwords and encryption keys. The more recent the activity, the more likely its content is still in RAM. When a computer is turned off, the data in RAM disappears quickly, but it can remain there for up to several minutes after shutdown. An attacker who gets access to the computer before the data disappears could recover important information about your previous session. This can be done with a technique called a cold boot attack.

Although the cold boot attack is not new and seemed to have been fixed, security researchers who investigate these risks claim to have carried out the attack successfully on several computers by exploiting a vulnerability in the way computers protect themselves.

The researchers also warn that this flaw exists in most computers today, although cold boot attacks are not easy to carry out. Attackers need dependable time and means to compromise the target computers, because they must have physical access to the machine in question and the appropriate tools.

The experts say that the flaw has no easy fix and that each manufacturer will have to deal with the problem. Even so, for our peace of mind, Microsoft and Apple have said they are working on a joint solution. In addition, although there is no official patch right now, Microsoft has updated its countermeasures for BitLocker. Apple, for its part, has updated its security recommendations.

Although cold boot attacks are not a commonly used technique, it is still worth being prepared for them, especially for companies that handle sensitive information. If a cold boot attack does not take place right after shutdown, the RAM empties within a few minutes and all the data is gone.
