F-Secure video demonstration of cold boot attack

Cybersecurity company F-Secure published findings and a demonstration of cold boot attack. This particular attack has been around for a decade – but there’s a slight twist – as the researchers have discovered a way around one of the safeguards used to stop this.

Almost all modern computers are potential targets of a firmware hacking technique called the “cold boot attack”. With physical access to a device; a hacker can use this attack to gain access to sensitive data.

One safeguard to stop this was to overwrite the contents of the RAM when the power was restored to the device. This is what the technique focuses on – as they’ve figured out a way to disable the overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, the F-Secure security researches worked out how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.

“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” said security consultant Olle Segerdahl.
He warned that a successful attacker can steal “anything that happens to be in memory,” such as passwords and corporate network credentials.
Watch the video above to see how it works.