undefined | Better HN

0 pointsgizmo68612y ago0 comments

Even without this type of PCI attack, you still have to worry about a cold boot attack. This is were the attacker quickly power-cycles the computer to boot into another OS (or special purpose boot code), and performs a memory dump. Often times the power cycles quickly enough that useful amounts of data remain in the RAM. This attack can be made more effective if you can get physical access to the RAM and cool it.

As most (if not all) disk encryption programs store an expanded version of the key in memory, there is significant redundancy to recover from the partially lost data.

0 comments

3 comments · 1 top-level

coldtea12y ago· 2 in thread

>This is were the attacker quickly power-cycles the computer to boot into another OS (or special purpose boot code), and performs a memory dump. Often times the power cycles quickly enough that useful amounts of data remain in the RAM. This attack can be made more effective if you can get physical access to the RAM and cool it.

Has anybody ever did this to someone?

Outside of Bond movies?

gizmo686OP12y ago

https://citp.princeton.edu/research/memory/

A few years ago, I tried this on my own laptop. I didn't have any sort of full disk encryption to test against, so I simply checked the RAM dump for plaintext looking things. Without having cooled the RAM (or opened the computer at all), there was a significant amount of meaningful plain-text. If you are interested in actual data about how effective this is, you should probably ignore my antecedent and look at the research paper in the above link.

Given how easy this attack is for its effectiveness, I would be suprised if it is not used.

EvanAnderson12y ago

It has been demonstrated publicly.

http://www.youtube.com/watch?v=Y_70UC0tPUU

j / k navigate · click thread line to collapse