F-Secure security researchers rediscovered the cold boot attack, which affects almost all modern computers, allowing hackers of physical access devices to exploit the vulnerability to steal sensitive information from locked devices. Classic cold boot attacks can take data stored in the computer’s memory because some confidential information is temporarily stored in memory after a forced restart.
Most computers today contain security measures to remove data stored in memory to prevent hackers from stealing sensitive information. Researchers at F-Secure have found ways to turn off security measures and use the cold boot to extract data.
“It’s not exactly easy to do, but it’s not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out. It’s not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use,” said F-Secure Principal Security Consultant Olle Segerdahl, one of the researchers.
Compared to the classic cold start attack, the new method requires extra steps, but it can effectively attack all modern computers tested by researchers.
There are currently no patches to fix new vulnerabilities. The researchers suggested adjusting the settings to let the computer automatically shut down or hibernate after turning off the screen instead of going into sleep mode.