Volt Boot Attack: New Physical Exploit Bypasses Cold Boot Defenses to Steal Secrets from On-Chip SRAM
At first glance, static RAM (SRAM) appeared to be a reliable sanctuary for sensitive data. Embedded directly within the processor die and incapable of retaining information once power is cut, it was long considered impervious to cold boot attacks.
However, a recent study has shattered this illusion of invulnerability. A team of researchers has unveiled a novel attack dubbed Volt Boot, which upends fundamental assumptions about the security of embedded memory. Unlike classical cold boot techniques that require deep cooling and physical freezing, Volt Boot exploits vulnerabilities in the power distribution architecture of modern system-on-chip (SoC) designs, enabling precise extraction of data from caches, registers, and internal memory.
The attack hinges on the physical segmentation of power domains within SoCs—a structure originally introduced to optimize energy efficiency and performance. These domains—memory, cores, and peripherals—can be powered independently. This architectural division allows an attacker to isolate and maintain power to a specific domain while the rest of the system is shut down. By accessing test points on the printed circuit board, an attacker can sustain voltage exclusively to the memory domain, artificially extending the lifespan of SRAM and preserving sensitive data that remains uncleared during a reset.
Executing Volt Boot requires only physical access to the device and an external power source. When the main power supply is cut off via the PMIC, a probe continues delivering voltage to the memory domain, ensuring data retention in SRAM. Unlike traditional cold boot attacks, this method does not rely on extreme cooling; data preservation is governed not by thermal inertia, but by sustained electrical potential.
In controlled experiments, the researchers successfully exploited three widely used ARM Cortex-A–based SoCs: the Broadcom BCM2711, Broadcom BCM2837, and NXP i.MX535. They were able to extract data from L1 caches, SIMD registers, and on-chip RAM with 100% accuracy in the case of caches and registers. Remarkably, even with an operating system actively running, Volt Boot preserved portions of cache content, showcasing the attack’s resilience and reliability.
Cryptographic applications proved especially vulnerable. Following best practices, such systems typically avoid writing secret keys to DRAM, instead storing them in internal registers and cache. Volt Boot bypasses this security model entirely, extracting cryptographic keys intact and rendering ineffective any defense based on the assumption that SRAM is automatically purged upon reboot.
The study further revealed that most modern processors lack strict hardware-level clearing of SRAM during system initialization. Even commands intended to flush caches merely make data inaccessible through standard operations, without truly erasing the content. For an attacker leveraging low-level instructions or debug interfaces like JTAG, this data remains within reach.
To mitigate Volt Boot, the researchers proposed several countermeasures, including mandatory boot image authentication, enforced SRAM zeroization during early boot stages, hardware-level memory scrubbing upon power reset, and the use of TrustZone to safeguard access to critical data. However, such defenses demand considerable architectural overhauls and are generally absent from most consumer-grade devices.
Volt Boot challenges the very notion of trust in on-chip computation. It underscores that a transition to SRAM does not eliminate the threat of physical data extraction if power nuances and the lack of automatic memory sanitation are overlooked. In essence, SRAM is no longer a citadel of security—it merely appears to be, until its power domain falls into the wrong hands.
