Cold Boot Attack: that is what the security firm F-Secure calls it. These security vulnerabilities aren’t new at all; the earliest ones were discovered back in 2008. So what is a Cold Boot Attack? Simply put, RAM (Random Access Memory) on almost every computer is managed by firmware, which is software and can therefore be altered maliciously to retrieve chunks of data from RAM, in short, the data from all the applications that were running the last time the machine was powered on. Many security-enhancing methods have been implemented to reduce the risks, such as erasing data on power cutoff.
“Sleep mode is vulnerable mode,” says F-Secure Principal Security Consultant Olle Segerdahl.
The recently claimed attacks seem to have found a workaround for all of these security measures. Sleep mode is the target: the RAM is not erased but left in a state of rest, with all data ready to get back into action once the user wakes up the machine. Attackers can modify the firmware to protect the memory chip from being overwritten by other processes, keeping the data intact so that it can be extracted by another machine once the RAM is removed from the victim’s system. Obviously, altering firmware is not simple, but it is not impossible either, since all manufacturers provide a provision for installing updates. Such attacks also need physical access to the machine: to extract the RAM, the attacker has to disassemble the cabinet of your machine or use a USB stick to transfer the data, so being alert is all you have to do if you want to be secure.