Flaws in firmware expose almost any modern PC to Cold Boot Attacks



New Firmware Flaws Resurrect Cold Boot Attacks

A team of security researchers demonstrated that the firmware running on nearly all modern computers is vulnerable to cold boot attacks.

A team of experts from cybersecurity firm F-Secure has discovered security flaws affecting firmware in modern computers that could be exploited by hackers to carry out cold boot attacks and recover sensitive data from the memory of the affected machines.

The attack devised by Olle Segerdahl and Pasi Saarinen leverages physical changes to the target hardware.

A cold boot attack is a type of side-channel attack that allows an attacker with physical access to the target system to retrieve sensitive data (e.g., encryption keys, passwords) left in memory by a running operating system, after using a cold reboot to restart the machine.

“Cold boot attacks are a known method of obtaining encryption keys from devices. But the reality is that attackers can get their hands on all kinds of information using these attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk,” reads the blog post published by the experts.


The attack is possible because data can remain in memory for a variable time after power is cut, and an attacker can retrieve it by accessing the memory after a cold reboot. The time that data persists in memory can be extended up to hours by cooling the memory modules.

Experts from F-Secure discovered vulnerabilities affecting computers from several major vendors, including Dell, Lenovo, and Apple.

The bad news is that it is impossible to fix such flaws in the affected machines.

The experts at F-Secure demonstrated that hardware changes could be exploited by an attacker to disable the feature that overwrites memory after a reboot, and configure the computer to boot from an external device.

“The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware,” continues the blog post.

“Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.” 

The experts demonstrated that it is possible to carry out the attack using a specially crafted USB device that contains the code to dump the content of the pre-boot memory to a file.

The security duo speculates that the attack can be effective against nearly all modern laptops.

“It’s not exactly easy to do, but it’s not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out,” Segerdahl explained. “It’s not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use.”

A possible mitigation consists of configuring devices to shut down or hibernate instead of sleeping when they’re not in use. Windows users have to configure BitLocker to ask for a PIN whenever the computer powers up.

Even with these measures in place, an attacker could still perform a cold boot attack but cannot access encryption keys, because they aren’t stored in RAM when a machine hibernates or shuts down. This means that there’s no valuable info for an attacker to access.
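The mitigation described above can be applied and checked on a Windows laptop roughly as follows. This is an added example, not code from F-Secure or the original article; the 15-minute hibernate timeout and the use of the system drive are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: replace sleep with hibernate and require a BitLocker pre-boot PIN.
$Drive = $env:SystemDrive          # assumption: the OS volume is the one to protect
$HibernateAfterMinutes = 15        # assumption: idle timeout chosen for illustration

# 1. Sleep keeps memory powered, so disk encryption keys stay in RAM.
#    Hibernate writes RAM to the encrypted disk and powers the machine off.
powercfg /hibernate on

# Lid close, power button and sleep button: 2 = hibernate (1 would be sleep).
foreach ($action in 'LIDACTION', 'PBUTTONACTION', 'SBUTTONACTION') {
    powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS $action 2
    powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS $action 2
}

# Idle behaviour: never enter sleep (0), hibernate instead, on AC and battery.
powercfg /change standby-timeout-ac 0
powercfg /change standby-timeout-dc 0
powercfg /change hibernate-timeout-ac $HibernateAfterMinutes
powercfg /change hibernate-timeout-dc $HibernateAfterMinutes
powercfg /setactive SCHEME_CURRENT

# 2. With a TPM-only protector the volume unlocks without user input at power-on,
#    so the key is back in RAM after any boot. A pre-boot PIN prevents that.
$vol    = Get-BitLockerVolume -MountPoint $Drive
$types  = @($vol.KeyProtector.KeyProtectorType)
$hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')

if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "$Drive is not protected by BitLocker; enable it before adding a PIN."
}
elseif (-not $hasPin) {
    Write-Warning "$Drive unlocks with: $($types -join ', '). Adding a TPM+PIN protector."
    # Fails unless the 'Require additional authentication at startup' policy
    # allows a startup PIN with TPM.
    $pin = Read-Host -AsSecureString 'New BitLocker startup PIN'
    Add-BitLockerKeyProtector -MountPoint $Drive -Pin $pin -TpmAndPinProtector
}
else {
    Write-Output "$Drive already requires a pre-boot PIN."
}
```

Run it from an elevated prompt; the power settings apply to the active power plan only, so fleet-wide enforcement belongs in Group Policy or MDM.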

“A quick response that invalidates access credentials will make stolen laptops less valuable to attackers. IT security and incident response teams should rehearse this scenario and make sure that the company’s workforce knows to notify IT immediately if a device is lost or stolen,” said Segerdahl. “Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” the expert concludes.

Pierluigi Paganini

(Security Affairs – cold boot attacks, hacking)
