Cold Boot Attacks are back – plug a sleeping laptop into some kit and read all the memory, slurp all the passwords

Olle and his fellow cyber security consultant Pasi Saarinen recently discovered a new way to physically hack into PCs. According to their research, this method will work against nearly all modern computers. This includes laptops from some of the world’s biggest vendors like Dell, Lenovo, and even Apple.

And because these computers are everywhere, Olle and Pasi are sharing their research with companies like Microsoft, Apple and Intel, but also the public. The pair are presenting their research at the SEC-T conference in Sweden on September 13, and at Microsoft’s BlueHat v18 in the US on September 27.


Because cold boot attacks are nothing new, there have been developments to make them less effective. One safeguard created by the Trusted Computing Group (TCG) was to overwrite the contents of the RAM when the power was restored.

And that’s where Olle and Pasi’s research comes in. The two experts figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.

Cold boot attacks are a known method of obtaining encryption keys from devices. But the reality is that attackers can get their hands on all kinds of information using these attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk.

Source: The Chilling Reality of Cold Boot Attacks – F-Secure Blog