If you want to secure the data on your computer, one of the most important steps you can take is encrypting its hard drive. That way, if your laptop gets lost or stolen—or someone can get to it when you're not around—everything remains protected and inaccessible. But researchers at the security firm F-Secure have uncovered an attack that uses a decade-old technique, which defenders thought they had stymied, to expose those encryption keys, allowing a hacker to decrypt your data. Worst of all, it works on almost any computer.
To get the keys, the attack uses a well-known approach called a "cold boot," in which a hacker shuts down a computer improperly—say, by pulling the plug on it—restarts it, and then uses a tool like malicious code on a USB drive to quickly grab data that was stored in the computer's memory before the power outage. Operating systems and chipmakers added mitigations against cold boot attacks 10 years ago, but the F-Secure researchers found a way to bring them back from the dead.
In Recent Memory
Cold boot mitigations in modern computers make the attack a bit more involved than it was 10 years ago, but a reliable way to decrypt lost or stolen computers would be extremely valuable for a motivated attacker—or one with a lot of curiosity and free time.
"If you get a few moments alone with the machine, the attack is a very reliable way to extract secrets from the memory," says Olle Segerdahl, principal security consultant at F-Secure. "We tested it on a number of different makes and models and found that the attack is effective and reliable. It's a bit invasive because it involves unscrewing the case and connecting some wires, but it's pretty quick and very doable for a knowledgable hacker. It's not super technically challenging."
Segerdahl notes that the findings have particular implications for corporations and other institutions that manage a large number of computers, and could have their whole network compromised off of one lost or stolen laptop.
'It's pretty quick and very doable for a knowledgable hacker.'
Olle Segerdahl, F-Secure
To carry out the attack, the F-Secure researchers first sought a way to defeat the the industry-standard cold boot mitigation. The protection works by creating a simple check between an operating system and a computer's firmware, the fundamental code that coordinates hardware and software for things like initiating booting. The operating system sets a sort of flag or marker indicating that it has secret data stored in its memory, and when the computer boots up, its firmware checks for the flag. If the computer shuts down normally, the operating system wipes the data and the flag with it. But if the firmware detects the flag during the boot process, it takes over the responsibility of wiping the memory before anything else can happen.
Looking at this arrangement, the researchers realized a problem. If they physically opened a computer and directly connected to the chip that runs the firmware and the flag, they could interact with it and clear the flag. This would make the computer think it shut down correctly and that the operating system wiped the memory, because the flag was gone, when actually potentially sensitive data was still there.
So the researchers designed a relatively simple microcontroller and program that can connect to the chip the firmware is on and manipulate the flag. From there, an attacker could move ahead with a standard cold boot attack. Though any number of things could be stored in memory when a computer is idle, Segerdahl notes that an attacker can be sure the device's decryption keys will be among them if she is staring down a computer's login screen, which is waiting to check any inputs against the correct ones.
Because of the threat posed by this type of attack, Segerdahl says that institutions should keep careful track of all their devices so they can take action if one is reported lost or stolen. No matter how big an organization is, IT managers need to be able to revoke VPN credentials, Wi-Fi certificates, and other authenticators that let devices access the full network to minimize the fallout if a missing device is compromised. Another potential protection involves setting computers to automatically shut down when idle rather than going to sleep and then using a disk encryption tool—like Microsoft's BitLocker—to require an extra PIN when a computer turns on, before the operating system actually boots. This way there's nothing in memory yet to steal.
If you're worried about leaving your computer unsupervised, tools that monitor for physical interactions with a device—like the Haven mobile app and Do Not Disturb Mac application—can help notify you about unwanted physical access to a device. Intrusions like the cold boot technique are often called "evil maid" attacks.
The researchers notified Microsoft, Apple, and Intel about their findings. Microsoft has released updated guidance on using BitLocker to manage the problem. “This technique requires physical access. To protect sensitive info, at a minimum, we recommend using a device with a discreet Trusted Platform Module (TPM), disabling sleep/hibernation and configuring bitlocker with a Personal Identification Number,” Jeff Jones, a senior director at Microsoft said.
Segerdahl says, though, that he doesn't see a quick way to fix the larger issue. Operating system tweaks and firmware updates could make the flag-check process more resilient, but since attackers are already accessing and manipulating the firmware as part of the attack, they could simply downgrade updated firmware back to a vulnerable version. As a result, Segerdahl says, long term mitigations require physical design changes that make it harder for an attacker to manipulate the flag check.
Apple has already created one such solution through its T2 chip in new iMacs. The scheme separates certain crucial processes on a dedicated, secure chip away from the main processors that run general firmware and the operating system. Segerdahl says that though the renewed cold boot attack works on most Macs, the T2 chip does successfully defeat it. An Apple spokesperson also suggested that users could set a firmware password to prevent unauthorized access, and that the company is exploring how to protect Macs that don't have a T2. Intel declined to comment on the record.
"This is only fixable through hardware updates," says Kenn White, director of the Open Crypto Audit Project, who did not participate in the research. "Physical access is a constant cat and mouse game. The good news for most people is that 99.9 percent of thieves would just sell a device to someone who would reinstall the OS and delete your data."
For institutions with valuable data or individuals carrying sensitive information, though, the risk will continue to exist on most computers for years to come.