Posted Monday 19th January 2009 16:14 GMT
Disabling booting from anything other than internal hard disk, locking the BIOS with a password be circumvented for cold boot attack?
Posted Monday 19th January 2009 16:37 GMT
Getting round BIOS passwords is easy...! There's several methods that your average 14 year old would probably know. I'll leave out the details, it's not hard to find them out if you fancy doing a bit of research.
Posted Monday 19th January 2009 16:37 GMT
Open the case, whip out the RAM, stick it in your computer next to it, and use that to extract the keys. Even if you don't have your own computer with you, chilling the ram gives you a window of 20 mins - an hour to get it into a new computer. You can achieve this cooling by using an aerosol, upside soen (Most commonly mentioned in the proof of concepts is a can of compressed air)
Posted Monday 19th January 2009 16:37 GMT
Stick the key-grabbing distro on a sata/ide disk sporting a cable, take the side off the machine, flick power and quickly swap drive cables?
This might be more feasible with two people : one standing by with the drive cable and the other by the power switch.
Posted Monday 19th January 2009 16:38 GMT
By removing the RAM modules and putting them in another computer, of course.
Posted Monday 19th January 2009 17:07 GMT
er, fairly easily?
Freeze the RAM chips, pop 'em out (a hammer will get you access, if you haven't got anything more useful) and then pop 'em into another machine to analyse?
Could even make a small RAM copier which would support various RAM module formats and take a copy of the data onto a built in HDD or something. Probably not very hard to do.
Posted Monday 19th January 2009 17:07 GMT
You could just lock the door to your office?
Paris - Cold boot? Joke? Anyone?
Posted Monday 19th January 2009 21:17 GMT
How about encrypting the key in ram, storing the new encryption key in CPU cache, or using some form of system-id as the encryption key key?
Posted Monday 19th January 2009 21:19 GMT
they have a solution to this problem, I was losing sleep at night worrying about this style of attack.
Posted Tuesday 20th January 2009 01:34 GMT
I've solved the problem. I've now electrified my computer case and also filled the insides with barbed wire and thermite....now it wont turn on though :( I wonder why....
Posted Wednesday 21st January 2009 13:47 GMT
Why not just build some extra functionality into the RAM modules that when the power supply to the module sags below a pre-determined voltage, it clears a register in the chip that forces a return of 0x00000000 on any memory that has not been written to since powering-up.
Something along this line would kill these cold boot attacks dead since you can't read the value of a memory address until it's been written to.
The only way I can see to get around this, you would need to supply a constant source of power to the module so it doesn't flag the memory as powered-off, and then you would need to some how provide a DRAM refresh cycle while the RAM is removed from the PC which isn't something you are gunna be able to do quickly and/or easily!
*Grabs his coat and heads to the patent office!
Sign up, sign up for The Register's weekly IT security newsletter - click here
Back to the article
