What is old is new: Cold Boot Attacks

Cold boot attacks have been around for a decade and steal information stored on a computer that hasn’t been shut down properly or left in a vulnerable sleeping state.  The root cause is data is left in memory which can be accessed in a cold boot attack.

Recently F-Secure published steps to steal data from a computer even if the files/disk were encrypted.  The steps are straightforward and assume the hacker has physical control of the computer.  A stolen work laptop with company intellectual property would be a prime target for this type of attack.

How to prevent this.  F-Secure advises to either shut down or hibernate the computer and never put the computer in sleep mode.  Hibernate mode protects data such as encryption keys from memory.

A security PIN/password to wake a computer is also a good best practice.  Apple computers using the new T2 Controller Chip are not susceptible to this attack, but the T2 chip is only available on 2018 Mac Pro laptops.

Security should never be Opt-In.  Asking employees to always shut down or hibernate their computer is hard to enforce.  Thankfully, there is another solution.  In SecureCircle’s most secure mode, encryption keys are never stored locally.  Computers protected with SecureCircle would never be at risk for a cold boot attack.

SecureCircle is the first opt-out data protection for solving today’s cybersecurity challenges in a Zero Trust world.  Its patent-pending data-centric protection prevents breaches and data loss and allows organizations to ensure the security, visibility, and control of data from internal and external threats regardless of the location including the cloud.