Vol. 1 · Ed. 2026
CyberGlossary
Entry № 222

Cold Boot Attack

Reviewed by Cybersecurity entrepreneur & security researcher

What is a Cold Boot Attack?

Cold Boot Attack: A physical attack that recovers cryptographic keys and other secrets from RAM by rapidly powering off and re-reading the volatile memory before its contents fully decay.


Cold boot attacks exploit the data-remanence property of DRAM: contents linger for seconds to minutes after power-off, and longer when the modules are chilled with compressed air or liquid nitrogen. An attacker with physical access can power-cycle the machine, boot a small tool from USB, and dump residual memory to recover disk-encryption keys (BitLocker, FileVault, LUKS), passwords, and session tokens. The 2008 Princeton paper by Halderman et al. and the 2018 F-Secure update against modern firmware locks demonstrated that the technique remains practical. Defences include encrypting memory (Intel TME, AMD SME), pre-boot memory scrubbing, requiring TPM+PIN for disk unlock, locking firmware to forbid boot from USB, and physical security for high-value devices.
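
A defender-side check for some of the controls listed above, as an added example that is not part of the original entry: it reports whether a Linux host's CPU advertises Intel TME or AMD SME, whether `mem_encrypt=on` is on the kernel command line, and whether the firmware memory-overwrite request bit is set. The choice of Linux, the file paths, and the function names are assumptions made for illustration; a CPU flag shows support only, not that encryption is active.

```python
"""Report cold-boot-relevant memory protections on a Linux host (added example)."""
from __future__ import annotations
from pathlib import Path

# TCG "Platform Reset Attack Mitigation" variable as exposed by efivarfs.
MOR_PATH = Path("/sys/firmware/efi/efivars/"
                "MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829")


def cpu_flags(cpuinfo: str) -> set[str]:
    """Collect the feature flags of the first CPU listed in /proc/cpuinfo."""
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def assess(cpuinfo: str, cmdline: str, mor: bytes | None) -> dict[str, bool]:
    """Map each check name to True when the protection is present."""
    flags = cpu_flags(cpuinfo)
    params = cmdline.split()
    # efivarfs prefixes the value with a 4-byte attribute word; bit 0 of the
    # value asks firmware to overwrite RAM before the next boot.
    mor_set = mor is not None and len(mor) >= 5 and bool(mor[4] & 0x01)
    return {
        "cpu_advertises_memory_encryption": bool(flags & {"sme", "tme"}),
        "sme_enabled_on_cmdline": "mem_encrypt=on" in params,
        "firmware_overwrite_requested": mor_set,
    }


def read_or_none(path: Path, binary: bool = False):
    """Return the file contents, or None when the file is absent or unreadable."""
    try:
        return path.read_bytes() if binary else path.read_text()
    except OSError:
        return None


if __name__ == "__main__":
    report = assess(read_or_none(Path("/proc/cpuinfo")) or "",
                    read_or_none(Path("/proc/cmdline")) or "",
                    read_or_none(MOR_PATH, binary=True))
    for check, ok in report.items():
        print(f"{'OK  ' if ok else 'MISS'} {check}")
```
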

Examples

  1. Princeton 2008 cold-boot extraction of BitLocker keys.
  2. F-Secure 2018 demonstration bypassing newer firmware memory overwrites.

Frequently asked questions

What is a Cold Boot Attack?

A physical attack that recovers cryptographic keys and other secrets from RAM by rapidly powering off and re-reading the volatile memory before its contents fully decay. It belongs to the Vulnerabilities category of cybersecurity.

How do you defend against a Cold Boot Attack?

Defences against cold boot attacks typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for a Cold Boot Attack?

Common alternative names include: DRAM remanence attack.
