You'll never guess what you can do once you steal a laptop, reflash the BIOS, and reboot it

If you can steal someone's laptop, leave it switched on in sleep mode, crack it open, hook up some electronics to alter settings in the BIOS firmware, restart it, and boot into a custom program... you can swipe crypto keys and other secrets from the system. When computers are restarted, the motherboard firmware can wipe the …

  1. TReko

    You gotta be fast

    DRAM will also fade out, so you have to act fast, how fast depends on temperature - note the coolant spray used in the video.

    Modern Windows apps also should store passwords etc in secure storage provided by the OS, which is encrypted.

    Windows 10 also compresses the RAM pages, which I guess was disabled to make this attack easier.

  2. Wzrd1

    Re: You gotta be fast

    Modern Windows apps also should store passwords etc in secure storage provided by the OS, which is encrypted.

    Rather like writing down the combination to the secure safe, then storing it inside of said safe.

    I've actually witnessed someone do just that. I acidly corrected the individual and told them to use the other secure safe.

    I say secure safe within a specific context, as it has very specific ratings and itself is inside of a secure facility, inside of a specially rated vault that has 24/7 monitoring via multiple methods.

  3. The Alphabet

    If you want absolute security then the laptop should have a kill switch that automatically erases all the things including any USB devices, repeatedly, until the battery dies, if you are not physically touching the unit after 60 seconds.

    It might make having a shower and sleeping difficult, but security is more important than such trivial things.

  4. Danny 14 Silver badge

    or just set the GPO to disable fast boot. That clears things on the way out and cold starts.

  5. JimmyPage Silver badge
    Stop

    Security vs. convenience

    It's possible to devise a chip that can fry its own circuits - say if the wrong passcode is entered (or entered twice ...)

    The reason such chips haven't been developed is because despite offering Hollywood-blockbuster levels of security, the first time one ACTUALLY fried itself, and some moronic user puts on their Daily Mail sadface with a headline about how they "lost" £1,500 simply because they entered the wrong passcode (or their darling brat did) and it's game over. So no point in spending a king's ransom on the R&D only to be told that HP/Dell can't sell a machine with such a feature.

    Those with long enough memories might recall the "scandal" in the 80s of the pisspoor security around cars - bent twig and you're in. After taking repeated pastings, the manufacturers delivered some pretty good security. Of course the first headline was "man stung for £1,500 after losing his key". Security vs. convenience. Guess which won ??????

  6. Fading Silver badge
    Flame

    Re: Security vs. convenience

    POKE 59458,62,

  7. big_D Silver badge

    Re: Security vs. convenience

    @Fading

    Funny, I was just talking about that yesterday with my boss.

  8. Giovani Tapini
    Trollface

    Re: Security vs. convenience

    Thinking about POKE'ing your boss?!?

  9. E net

    Re: Security vs. convenience

    @Fading

    POKE 59458,62,

    Wow we learn something "old" every day :)

  10. Brian Miller Silver badge

    Re: Security vs. convenience

    The reason such chips haven't been developed...

    No, such chips have been developed, and are commercially available. I work with a number of processors that will happily brick themselves, very nearly on the old "BBIL" (branch on burnt-out indicator light) instruction. One chip I work with has counters, which will cause the device to brick when they hit zero. It also has an array of "fuses" which, you guessed it, when they're all "burned" will cause the device to brick. And of course it's deliberately horribly sensitive to all sorts of environmental fluctuations.

    And the chip costs 23 cents in quantities of 1,000.

    You are right that the executives wouldn't go for it. I know: on occasion I had to support the sales VP, who just "couldn't" allow a reboot on his machine because the spreadsheet would close. Um, yeah.

  11. Danny 14 Silver badge

    Re: Security vs. convenience

    Samsung KNOX works exactly like that. And is in every Samsung phone for years. Early ones could be tricked into not tripping. New ones not so much.

  12. Wzrd1

    Re: Security vs. convenience

    The reason such chips haven't been developed is because despite offering Hollywood-blockbuster levels of security, the first time one ACTUALLY fried itself, and some moronic user puts on their Daily Mail sadface with a headline about how they "lost" £1,500 simply because they entered the wrong passcode (or their darling brat did) and it's game over.

    I own several Ironkey devices, which do precisely that. They're also designed to brick if cut into.

  13. Wzrd1

    Re: Security vs. convenience

    SYS 64738

  14. Charles 9 Silver badge

    Re: Security vs. convenience

    Thing is, how many calls come in for bricked devices due to simple wear and tear or forgetfulness? Would also hate to think World War III could hinge on things like these...

  15. Bibbit

    F-Secure's Olle Segerdahl and Pasi Saarinen...

    Demonstrates two guys that need to get out more. Is 'hibernate' still a thing? I do not see it on many machines myself. Then again, I am a freak who does proper shutdowns rather than sleeps.

    Kudos for the Mr Freeze pic, El Reg. Reminds me of yet another time Arnie was robbed of an Oscar.

  16. Anonymous Coward

    Re: F-Secure's Olle Segerdahl and Pasi Saarinen...

    "Arnie was robbed of an Oscar".

    Funniest comment on the thread.

  17. Anonymous Coward

    Re: F-Secure's Olle Segerdahl and Pasi Saarinen...

    Chill out

  18. mark l 2 Silver badge

    I always shut down my laptop after I have finished using it, but then again my laptop's battery is pretty knackered so it only lasts about 15 mins off the mains, so putting it into sleep would probably mean I would come back to find I would have to cold boot anyway when the battery eventually ran out.

    To be honest 99.9% of the time when your laptop is stolen it is by some petty criminal who is looking to sell it on to make a few quid. If they find it is asking for passwords they cannot easily bypass they will probably just throw it in the nearest bin and go and nick another one. They are very unlikely to have the skills to do any of the stuff that is mentioned in the article, as if they could they probably wouldn't be going around nicking laptops but have well paid consulting jobs.

  19. Anonymous Coward

    yawn... what, infosec advisement?

    Oh... lol. "Sleep" function.

    Yeah, we turned that off a Millennia ago...

    "where's my teddy"?....

    yawn.

  20. CrysTalK

    Use of digest and or checksums

    I also shut down after each use, and every time I boot up I need to enter 4 different passwords to get a working environment. First is HDD BIOS password, then BIOS System password, then GRUB menu password (SHA512), then Windows logon password, then some private archives were also encrypted. This is just a personal laptop with nothing to protect except my daughters photos and some banking PDF files which are also password-protected by the bank itself.

    On the other hand, I think any type of encryption used by the owner on his/her documents and private stuff would make these types of cold boot attack useless. Even zip encryption or .7z compression with strong crypto would defend against this cold boot attack, as long as the password is not stored in any plaintext documents sitting on the filesystem.

  21. tentimes

    Re: Use of digest and or checksums

    I suspect then that you are in fact a paranoid schizophrenic.

  22. steve 124

    OMG we're all skrude!!!

    <running around with hair on fire>

    The End is here! The End is here!

    My only thoughts on this are, if you're worried enough to encrypt your hard drive, why in the world would you put your laptop into sleep mode instead of turning it off? That's just retarded.

    <pours beer on head>

    Nothing more to see here folks... move along.

  23. Voyna i Mor Silver badge

    Re: OMG we're all skrude!!!

    I tend to agree. The message from work like this should simply be "These are good security practices, follow them because you don't know what might happen if you don't."

    Some of them are a bit like "If you go into the red light district of an unfamiliar city unaccompanied and a dodgy looking character asks if you want to go down a long dark alley to meet his sister, you might not be going to meet an attractive, 18 year old, disease free nymphomaniac." It may be interesting in a Schadenfreudian way to read about people who did, but at some point someone is going to say "couldn't this just be generalised into 'don't go down dark alleys in red light districts'?"

    This is quite different from things like Spectre, of course, which doesn't have a simple, obvious mitigation like "turn off when not using and keep secure when off site".

  24. Alistair Silver badge
    Windows

    Re: OMG we're all skrude!!!

    @steve 124:

    so -- with wasting a beer, you're now to be known as steve 123?

  25. jelabarre59 Silver badge

    even simpler

    The most effective workaround for this problem is not to have anything on your laptop worth stealing (or at least not worth the effort this would take)

  26. Charles 9 Silver badge

    Re: even simpler

    Except the laptop itself is often worth taking. For parts, if nothing else...

  27. drewzilla79

    The Cold Shoulder?

    Came for Mr. Freeze puns. Leaving disappointed.

  28. diodesign (Written by Reg staff) Silver badge

    Re: The Cold Shoulder?

    There, added a couple in the caption.

    C.

  29. onefang

    Re: The Cold Shoulder?

    I thought I provided one yesterday?

  30. Gene Cash Silver badge
    Facepalm

    Linux is far more secure

    Linux has built-in defenses against this.

    When I put my laptop in sleep or hibernate, it just crashes.

  31. Anonymous Coward

    Does this work on Chromebooks? I do not think it does, but I may be wrong.

  32. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    Basic Input Output System - that's what we need but what my new motherboards all seem to have is a damn operating system of its own which often makes - undocumented - bloody decisions about which default boot device to use. I'd prefer feature-poor BIOSs.

  33. Charles 9 Silver badge

    Wasn't the problem, though, that they were SO feature-poor that programs routinely bypassed them and went straight to the metal?

  34. 2Fat2Bald

    For me, sleep/hibernate/suspend are for walking from one meeting to another. Or possibly to preserve battery life when you're going AFK for a bit. They're not for making sure your PC pops up as you left it the following day. People do that and then complain when their PC runs slowly and takes 30 minutes to reboot when it finally, finally, finally gets to patch. Memory leaks are still a thing, I'm afraid.

  35. Xenu

    Re: Trump has become more deranged

    very old. you even acknowledge it's old news... so why print it again?

  36. Aseries

    Hybrid Sleep

    I use HYBRID SLEEP with Windows 10. Let the machine sleep and after a preset time it puts itself in hibernation.

  37. Selden

    Aside from the sheer unlikelihood of this scenario, no mention of Chromebooks. Even if someone can reflash the BIOS, everything stored on a Chromebook is encrypted, so there is no data vulnerability. The worst that can happen is that the thief powerwashes it, which destroys all data, then sets it up for his own use.

    Reference: https://chrome.googleblog.com/2011/07/chromebook-security-browsing-more.html


Biting the hand that feeds IT © 1998–2018