Mind you, we also need to keep pressing on security for the desktop, against ransomware and malicious installs. Again, without compromising freedom of choice.
Privacy, freedom, and security advocates seem to have opposing and wholly incompatible goals when it comes to technology.
This attack is possible because the NVRAM is overwriteable.
In order to mitigate this attack, a manufacturer would need to make NVRAM non-NV or add a security device like Apple's T2 chip. Or encrypt the NVRAM and (to prevent a key management nightmare brought about by having millions of users) keep the keys private, in which case all of the haxxors would be crying "they're locking us out of our own hardware!"
But adding a security device attacks "freedom".
10 PRINT "Having the vulnerability is bad."
20 PRINT "But adding security attacks freedom."
30 GOTO 10
There was a HN article a while ago about how manufacturers were dumb and we were all going to die because of Thunderbolt and PCIe security flaws where attackers could sniff traffic on the bus.
I was just like "no shit, you've been able to do that forever, that's the point of buses, and locking them down will just speed the Applefication of computing".
Back in "THE GOOD OLD DAYS" when men were men and computers were free and open they had god damned card-edge connectors sticking out of the back of the case which gave anyone within arms reach of the machine direct and unrestricted access to the CPU lines.
You cannot have closed openness.
If you're carrying nuclear codes then yeah, you should be worried about these attacks. If you're the security officer for a small company then you probably have a long list of things to worry about before you have to consider cold boot vulnerabilities.
Furthermore if you're worried about an attacker having physical access to your computer what about simply installing a keylogger or a device that broadcasts your display for instance? That seems massively easier and faster to pull off than the attacks described here.
Do you have laptops? Do you keep any personal data on them? Are you subject to GDPR? Then you do need to worry at least somewhat: https://www.databreachtoday.com/data-breach-another-stolen-l...
If the San Bernardino terrorists shut down their phones before their murderous rampage, or if they ran out of battery before the FBI got into their house, sorry, no cold boot for you.
Cold boot only works if you have physical access to the unlocked, powered-on, in-use device. The "data ghost" in memory that cold boot attacks take advantage of is only there for seconds.
If cold boot attacks only work against unlocked devices, that makes a lot of sense. But if they work against locked but powered devices, that would be quite possible for LE to exploit in most cases (just carry a battery pack).
It depends. The regular user in most of the world is pretty happy with a $50-100 MTK-based chinaphone with a 5.5" screen and 2GB of RAM - even with factory preinstalled trojans.
With all the talk I hear about "cache being the new RAM", since it's so much faster, particularly the L1, it sounds like it would make sense to have some transparent encryption going on. A random key generated at power on, then kept inside the CPU, and instantly lost at power off, would be enough to secure the contents of DIMMs against attacks like this.
How many backdoored CPU attacks have you heard of before?
If you need protection against that, might as well live inside a vault.
Older than that. E.g. Pettersson's talk at CCCamp 2007.
There are things you can do to mitigate this problem, but once someone has physical access to a computer they have many pathways to gaining access to data and control.
1) I got access to your hardware and I want to extract data from it
2) I got access to your hardware and I get to give it back to you and you continue using it as if nothing happened
What I'm worried about is closing these holes while preserving the ability to run whatever software I want.
And also preserving the ability to provide consistent instruction to people on how to install other operating systems. In other words if every laptop has a different magic keyboard sequence to bypass boot security it's going to be a pain to write the Debian install instructions.
Unfortunately this is against many enterprise policies for desktops, because they like to apply updates during off-hours and need the computers to be on (or at least able to wake up from sleep) to do that.
For laptops, you should configure them to hibernate when the lid is closed, not just sleep.
> Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices
The phrasing is confusing in that it reads as if they had found a way to switch the 'boot from USB' BIOS setting 'using a simple tool'.
Not necessarily if you turn off your computer or use hibernation instead of sleep, AND you use full disk encryption. This will stop short-term attacks, like cold boot attacks and the like.
Of course, if they "borrow" your laptop for a while, open it up, install key loggers, modify the firmware/hardware, and you do not notice this: you are f*ed.
I mean: even if you believe that "if someone has physical access to your computer, it's pretty much game over" you don't necessarily drop encryption and user password on the laptop and always put it in sleep mode.
Even if you disagree, "cold boot attack" is the established name for the actual attack, the new aspect presented here is how to circumvent a certain firmware protection that would overwrite the memory on a cold boot to prevent that attack.
If you would give your definition we could see if it is right, too.
As a side note, there are so many vulnerabilities constantly coming out that I've almost become desensitized. I'm sure that's not a good thing, but it's almost like "when" not "if" someone will just steal my data.
Not sure if anyone agrees or I’m just a one-off...
Turns out, we should think of RAM more like a hard drive than like something internal to the CPU.
I don't think so. It would mean that securing information in the workplace is nearly impossible and colocation hosting security intrusion boils down to picking a physical lock (of your rack).
Last I checked, cold boot attacks have to be executed within moments of a computer powering down unless it's immediately put on ice. I don't understand why we're worried about this.