Cold-Boot Attack

Researchers have discovered a new cold-boot attack that can steal passwords in less than two minutes. When a machine is in sleep mode, its state is kept in RAM (Random Access Memory), which stays powered at a minimal level to hold the data. According to the researchers, “The critical interval is between powering down the machine and starting it again. Freezing the RAM chips, though, helps preserve the data during this time, allowing booting into a live operating system from a USB stick.” The technique can steal data held in the computer's memory, including hard drive encryption keys. The attack is “reliable” on Windows-based machines that don’t require a PIN or are already running. To prevent the attack, users are advised to configure their laptops to shut down and require a PIN to start when the disk is encrypted.