Cold Boot Attack: How to Protect a Computer From Being Attacked
What is a Cold Boot Attack?
A cold boot attack is a way for an attacker to gain unauthorized access to a computer's data: the attacker hard-resets the target machine, which leads to a memory dump of the computer's random access memory.
During a cold boot attack, an attacker with physical access to the computer can retrieve data that is otherwise protected by encryption, because the contents of SRAM and DRAM persist for some time.
A cold boot attack is basically a method of obtaining encryption keys from a device, but in reality attackers can get their hands on all kinds of information and data using the attack. Any credentials, corporate data or passwords stored on the device can be stolen.
How does a cold boot attack affect our computers?
In a cold boot attack, an attacker forces a computer system to reset or reboot so that the data stored in RAM can be stolen. Cold boot attacks generally target random access memory; full disk encryption schemes, even with trusted platform modules installed, are ineffective against these types of attacks, because this is a hardware issue rather than a software one.
According to security research, a new form of cold boot attack can interfere with the computer through its firmware to disable the security measures and steal sensitive information such as passwords, data or corporate files.
How to protect computers from cold boot attacks?
To protect data from a cold boot attack, RAM should be overwritten with random data when shutting down Tails. This erases all traces of your recent activity.
An attacker who has physical access to the computer while Tails is running can recover data from RAM too. To protect against this, we should try different methods of shutdown.
Microsoft responded to the attack by updating its BitLocker guidance, while Apple responded by saying that devices using T2 chips are not vulnerable. Microsoft recommended that system administrators have all company computers shut down rather than enter sleep mode, and require users to enter the BitLocker PIN whenever they restore or power up their computers.
Since a cold boot attack can be used to easily perform a memory dump, storing sensitive data in RAM, such as the encryption key used for full disk encryption, is not secure. Various solutions have been proposed for storing the encryption key in an area other than random access memory. Although these solutions can reduce the chance of full disk encryption being compromised, they cannot protect other sensitive data stored in memory.
Cold boot attacks can be defended against by ensuring no keys remain in RAM. This can be achieved by using a fully encrypted hard drive whose encryption key is stored on hardware separate from the hard drive.
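The same idea applies inside an application: a key that is wiped as soon as it is no longer needed is not in RAM to be dumped. The following C program is an added example, not code from this article; `key_slot`, `key_load`, `key_release` and `key_residue` are hypothetical names, and it assumes a POSIX system that provides `mlock`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32

/* Hypothetical holder for a short-lived secret (illustrative names). */
typedef struct {
    uint8_t bytes[KEY_LEN];
    int locked;              /* 1 if mlock() succeeded */
    int loaded;              /* 1 while key material is present */
} key_slot;

/* Write zeros through a volatile pointer so the compiler cannot drop the
 * stores as dead code when the buffer is never read again. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Copy a key into the slot and try to pin its pages so they are not
 * written to swap. mlock() may fail under RLIMIT_MEMLOCK; record that. */
int key_load(key_slot *k, const uint8_t *src, size_t n) {
    if (n != KEY_LEN) return -1;
    k->locked = (mlock(k, sizeof *k) == 0);
    memcpy(k->bytes, src, KEY_LEN);
    k->loaded = 1;
    return 0;
}

/* Wipe the key the moment it is no longer needed, then unpin the pages. */
void key_release(key_slot *k) {
    secure_wipe(k->bytes, KEY_LEN);
    k->loaded = 0;
    if (k->locked) { munlock(k, sizeof *k); k->locked = 0; }
}

/* Number of key bytes in the slot that are still non-zero. */
size_t key_residue(const key_slot *k) {
    size_t left = 0;
    for (size_t i = 0; i < KEY_LEN; i++) left += (k->bytes[i] != 0);
    return left;
}

int main(void) {
    uint8_t demo[KEY_LEN];
    memset(demo, 0x5A, sizeof demo);   /* constructed sample key */
    key_slot k = {0};
    if (key_load(&k, demo, sizeof demo) != 0) return 2;
    secure_wipe(demo, sizeof demo);    /* the source copy must go too */
    /* ... use k.bytes for the cryptographic operation here ... */
    key_release(&k);
    return key_residue(&k) == 0 ? 0 : 1;
}
```

This only shortens the time a key spends in RAM; while the key is loaded it is still exposed to a memory dump.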
Summary: A cold boot attack is unauthorized access to a computer in which the data stored in RAM is stolen by an attacker. A computer can be protected from the attack by overwriting RAM with random data when shutting down Tails. This erases all the traces from the computer. Finally, I suggest you use a strong password during shutdown and don't leave the system in sleep mode. You can also install antivirus software on your computer. Thanks!