When you want to take a break from your computer, do you simply put it to sleep so you can resume your work at a later time? I know, it's a convenient way to save time, right?
So instead of relaunching your applications and documents all over again, you can quickly wake up your system and instantly continue from where you left off. But how secure is the data of a sleeping computer, really?
According to this new report from our sponsor F-Secure, with the right tools and know-how, a hacker can exploit a sleeping computer and siphon off even your most sensitive and encrypted data. Read on and see how this scary exploit is done.
New cold boot attack
What is a cold boot attack? It's a hacking technique where a hacker will read and steal the temporary data stored in a sleeping computer's RAM.
This type of attack is not new. In fact, back in 2008, researchers found a way to hard reboot a machine and access temporary data from its RAM. This data can include sensitive information like encryption keys, passwords and personal documents that were open before the device was rebooted.
Eventually, software and hardware makers developed protections against cold boot attacks, such as clearing a machine's RAM data after rebooting from a complete shutdown.
Sleep tight and the (computer) bugs will bite
However, researchers from F-Secure say they have found a new form of the cold boot attack technique, and it can be executed on almost all computers. How come? Well, this new technique exploits the way most of us put our computers to sleep rather than turning them off completely after each use.
With a sleeping computer on hand, F-Secure's Olle Segerdahl and Pasi Saarinen devised a way of modifying a computer's BIOS firmware security settings to disable RAM overwriting. After this modification, an attacker can simply boot from an external USB device and read all the data that was in the computer's RAM before it entered sleep mode, including its encryption keys.
Watch a video demonstration of this new cold boot attack. Note: The video has no sound.
Based on the video demonstration of the attack, the whole process is quite technical and it apparently requires physical access to the target computer. However, a hacker who knows his stuff can do it in a few minutes.
How to protect yourself from cold boot attacks
F-Secure stated that computer vendors don't have an easy fix for this cold boot attack since there's always a way to pull data off a system's RAM.
To limit these types of attacks, users and businesses can employ firmware passwords to prevent tampering with a system's BIOS settings. If your disk is encrypted with Windows BitLocker, PIN code re-entry after a computer restore/preboot is also highly recommended.
Additionally, since this attack requires physical access to the target system, keeping your computers in secure locations is a must.
F-Secure also advised that rather than putting your computer to sleep, try putting it in hibernation instead. Although some of your cached RAM data can still be retrieved, encryption keys are cleared from RAM during hibernation.
And finally, your best defense against this type of cold boot attack is to completely shut down your computer after each use.
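The Windows-side advice above (BitLocker with a PIN, hibernate instead of sleep) can be checked and applied from an elevated PowerShell prompt. This is an added example, not code from F-Secure or the original article; it assumes the operating system volume is the one in $env:SystemDrive, and the 15-minute hibernate timeout is an arbitrary example value.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker and prefer hibernate over sleep.

# 1. BitLocker: is the OS volume protected, and does unlock need a pre-boot PIN?
$vol    = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
$hasPin = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })

[pscustomobject]@{
    Volume           = $vol.MountPoint
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = $types -join ', '
    PreBootPin       = $hasPin
} | Format-List

if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning 'BitLocker protection is not on for the OS volume.'
} elseif (-not $hasPin) {
    # TPM-only unlock: the machine boots to the login screen without asking
    # for anything, so there is no PIN re-entry at pre-boot.
    Write-Warning 'No TPM+PIN protector found; pre-boot PIN is not enforced.'
    # A PIN protector can be added with the line below (policy must allow it):
    # Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin (Read-Host 'PIN' -AsSecureString)
}

# 2. Power settings: make hibernate available and use it in place of sleep.
powercfg /hibernate on

# Lid close and sleep button: value 2 = Hibernate (1 = Sleep, 3 = Shut down).
foreach ($action in 'LIDACTION', 'SBUTTONACTION') {
    powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS $action 2
    powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS $action 2
}

# Idle behaviour: never enter sleep (0), hibernate after 15 minutes instead.
powercfg /change standby-timeout-ac 0
powercfg /change standby-timeout-dc 0
powercfg /change hibernate-timeout-ac 15
powercfg /change hibernate-timeout-dc 15

# Re-apply the current scheme so the button/lid changes take effect,
# then list which sleep states the machine still offers.
powercfg /setactive SCHEME_CURRENT
powercfg /a
```

The firmware (BIOS) password the article recommends is set in the vendor's firmware setup screen and is not covered by this script.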