X

Almost 'all modern computers' affected by cold boot attack, researchers warn

The attack would allow potential hackers to steal sensitive information stored on your RAM.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read
A model holds a Microsoft Surface laptop

Microsoft said it's updated its software to stop the attack.

Microsoft

Security researchers have discovered a flaw with nearly all modern computers that allow potential hackers to steal sensitive information from your locked devices. 

The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data on a computer's RAM, where sensitive information is briefly stored after a forced reboot.

These attacks have been known since 2008, and most computers today have a safety measure where it removes the data stored on RAM to prevent hackers from stealing sensitive information. It's also not a common threat for the average person, since both access to the computer and special tools -- like a program on a USB stick -- are needed to carry out the attack.

But Segerdahl and researchers from F-Secure said they've found a way to disable that safety measure and extract data using cold boot attacks. 

"It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," he said in a statement. 

There's no immediate fix available for the new vulnerability, F-Secure said. The cybersecurity company recommends that you configure your laptops to automatically shut down or hibernate instead of having it enter sleep mode when you close your screen. 

The company said it's contacted Microsoft, Intel and Apple about its discovery. Intel didn't respond to a request for comment. 

"This technique requires physical access. To protect sensitive info, at a minimum, we recommend using a device with a discreet Trusted Platform Module (TPM), disabling sleep/hibernation and configuring BitLocker with a Personal Identification Number (PIN)," Jeff Jones, a senior director at Microsoft, said in a statement.

Microsoft told ZDNet that it's updating its BitLocker guidance, while Apple said all devices using a T2 chip aren't affected. 

F-Secure's researchers presented their findings at a conference in Sweden on Thursday, and are set to present it again at Microsoft's security conference on Sept. 27. 

For more on the vulnerability, read the full details on our sister site ZDNet.

First published Sept. 13, 10:45 a.m. PT.
Updated at 12:01 p.m. PT:
With comments from Microsoft.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

Taking It to Extremes: Mix insane situations -- erupting volcanoes, nuclear meltdowns, 30-foot waves -- with everyday tech. Here's what happens.