If you want to secure the data on your computer, one of the most important steps you can take is encrypting its hard drive[1]. That way, if your laptop gets lost or stolen—or someone can get to it when you're not around—everything remains protected and inaccessible. But researchers at the security firm F-Secure have uncovered an attack that uses a decade-old technique, which defenders thought they had stymied, to expose those encryption keys, allowing a hacker to decrypt your data. Worst of all, it works on almost any computer.
To get the keys, the attack uses a well-known approach called a "cold boot," in which a hacker shuts down a computer improperly—say, by pulling the plug on it—restarts it, and then uses a tool like malicious code on a USB drive to quickly grab data that was stored in the computer's memory before the power outage. Operating systems and chipmakers added mitigations against cold boot attacks 10 years ago, but the F-Secure researchers found a way to bring them back from the dead.
In Recent Memory
Cold boot mitigations in modern computers make the attack a bit more involved than it was 10 years ago, but a reliable way to decrypt lost or stolen computers would be extremely valuable for a motivated attacker—or one with a lot of curiosity and free time.
"If you get a few moments alone with the machine, the attack is a very reliable way to extract secrets from the memory," says Olle Segerdahl, principal security consultant at F-Secure. "We tested it on a number of different makes and models and found that the attack is effective and reliable. It's a bit invasive because it involves unscrewing the case and connecting some wires, but it's pretty quick and very doable for a