May 13

Sleep Mode Is Vulnerable to Cold Boot Attacks!

Research indicates putting your computer to sleep is not exactly the best idea in the context of cybersecurity. Instead, computer experts are insisting it is better to shut the computer down or let it hibernate. In short, sleep mode settings still leave your computer vulnerable to hackers.



Security Problem in Sleep Mode

Finnish researchers at F-Secure have determined that the vast majority of today’s computers are vulnerable to cold boot attacks, in which hackers obtain highly sensitive information from the memory of a computer. Cold boot attacks, which are side-channel style attacks that allow miscreants to force a CPU to reset/reboot and pilfer information from its memory, are on the rise. The mere act of forcing the computer to boot up without moving through the shutdown/restart process presents the opportunity to steal sensitive information such as files and passwords. In fact, encryption keys remain in memory for upwards of several minutes, making sleep mode inherently unsafe. Though this attack is slightly different from regular cold boot attacks and requires additional steps, it is quite effective, especially against laptops.

The Finnish researchers referenced above successfully conducted a cold boot attack on several computers including those made by Apple, Lenovo, and Dell. This was accomplished through a modification of hardware and a rebooting of the machine with a USB drive that had software for memory dumping. Cold boot attacks have been in existence for a full decade, yet the majority of CPUs had a security feature that prevented memory contents from being exposed when the system rebooted.


The Finnish researchers at F-Secure also altered the hardware to disable that feature, meaning hackers can do the same with enough effort, time and dedication. However, hackers would require physical system access along with the specialized tools necessary to harvest information from memory. In particular, laptops with sensitive data or laptops that belong to people who have high-level jobs are most likely to be targeted. The sad truth is hackers can alter hardware to conduct cold boot attacks on just about every type of laptop, regardless of which company makes it.


The Solution

Cybersecurity experts are insisting it is better to completely shut down a computer rather than put it to sleep. If necessary, the computer can be put in hibernation mode. Though cold boot attacks are still possible when powering off the computer or putting it in hibernation mode, both will ensure no information is left lingering within the memory. Companies can also configure laptops so that attackers who use a cold boot approach will not find information to steal.

The F-Secure researchers made Apple, Intel, and Microsoft aware of the issue. Microsoft changed its BitLocker guidance, suggesting Windows users can now configure BitLocker to request a PIN at the time when the machine turns on. Though encrypting a hard drive is not a foolproof defense, it reduces the amount of information attackers can obtain. In short, this is a solvable problem yet the industry is not on the same page so a coordinated response is not expected.
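
One way to apply the two measures above on a Windows laptop, as an added example that is not from F-Secure or Microsoft: it reports whether the system drive has a BitLocker TPM+PIN protector and replaces sleep with hibernate. It assumes an elevated PowerShell session with BitLocker already enabled; the 30-minute timeout is a constructed value.

```powershell
# Added example: audit the BitLocker startup PIN and replace sleep with hibernate.
# Assumption: run from an elevated prompt on a machine with BitLocker enabled.

$osDrive = $env:SystemDrive

# 1. Does the OS volume require a PIN before the TPM releases the key?
$vol = Get-BitLockerVolume -MountPoint $osDrive
$protectorTypes = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$hasPin = @($protectorTypes | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' }).Count -gt 0

[pscustomobject]@{
    Drive            = $osDrive
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = $protectorTypes -join ', '
    PreBootPin       = $hasPin
}

if (-not $hasPin) {
    Write-Warning "No TPM+PIN protector on $osDrive; the drive unlocks without user input at power-on."
    # To add one, the Group Policy setting "Require additional authentication
    # at startup" must allow a startup PIN. Then:
    #   $pin = Read-Host -AsSecureString 'New BitLocker PIN'
    #   Add-BitLockerKeyProtector -MountPoint $osDrive -Pin $pin -TpmAndPinProtector
}

# 2. Make sure hibernate is available, then stop the machine from idling into sleep.
powercfg /hibernate on
foreach ($source in 'ac', 'dc') {
    powercfg /change "standby-timeout-$source" 0      # 0 = never sleep on idle
    powercfg /change "hibernate-timeout-$source" 30   # constructed value, in minutes
}

# 3. Closing the lid hibernates instead of sleeping
#    (LIDACTION: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down).
powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 2
powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS LIDACTION 2
powercfg /setactive SCHEME_CURRENT   # re-apply the plan so the new values take effect
```

With a TPM+PIN protector in place, resuming from hibernation prompts for the PIN before the drive is unlocked.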



Cold Boot Attacks Are Preventable

Aside from powering off computers and protecting firmware with the appropriate BitLocker PIN, it is also in the interest of system administrators tasked with cybersecurity duties to create incident response plans that explain exactly what should be done when an attack occurs.

The hope is that heightened awareness of cold boot attacks, along with proper preparation and effective preventive measures, will prevent hackers from wreaking more havoc than necessary.

