Cold Boot Attack waa hab kale oo loo isticmaalo in lagu xado xogta. Waxa kaliya ee gaarka ah waa inay si toos ah u galaan qalabka kombiyuutarkaaga ama kombiyuutarka oo dhan. Maqaalkani wuxuu ka hadlayaa waxa uu yahay Cold Boot Attack iyo sida looga badbaado farsamooyinka noocaas ah.

Waa maxay Cold Boot Attack

Weerarka Cold Boot Attack ama Platform Reset Attack, weeraryahan si jir ah u gelaya kumbuyuutarka ayaa dib u bilaabaya qabow si uu mashiinka dib ugu bilaabo si uu uga soo saaro furayaasha sirta ah nidaamka hawlgalka Windows .

Waxay na bareen dugsiyada in RAM ( Random Access Memory ) uu yahay mid kacsan oo aanu hayn karin xogta haddii uu kumbiyuutarku dansan yahay. Waxa ay ahayd in ay noo sheegaan waxa ay ahayd in … aan hayn karin xogta muddo dheer haddii kumbiyuutarku dansan yahay^{(cannot hold data for long if the computer is switched off)} . Taas macneheedu waxa weeye, RAM wali waxay haysaa xogta dhawr ilbiriqsi ilaa dhawr miridh ka hor inta aanay dhammaanin koronto la'aanta awgeed. Muddo aad u yar, qof kasta oo haysta qalab ku habboon wuxuu akhrin karaa RAM -ka oo koobi kara waxa ku jira kaydin badbaado leh oo joogto ah isagoo isticmaalaya nidaam hawleed fudud oo ka duwan kan USB stick ama SD Card . Weerarka noocan oo kale ah waxaa loo yaqaannaa weerarka kabaha qabow.

Bal qiyaas kombuyuutar oo jiifa iyadoon cidina ilaalinayn hay'adda qaar dhowr daqiiqo. Hackers kasta waa inuu dejiyaa qalabkiisa oo uu damiyo kombiyuutarka. Marka RAM -ku qaboojiyo (xogta si tartiib tartiib ah u baxaysa), hackersku wuxuu ku xiraa usha USB bootable iyo kabaha isaga oo isticmaalaya. Isaga ama iyada waxay koobi karaan waxa ku jira shay la mid ah isla USB stick.

Maadaama dabeecadda weerarku uu daminayo kumbiyuutarka ka dibna la isticmaalayo furaha korantada si uu dib ugu bilaabo, waxaa loo yaqaan 'boot qabow'. Waxaa laga yaabaa inaad baratay kabaha qabow iyo kabaha diiran sannadahaagii hore ee xisaabinta. Boot qabow waa meesha aad ka bilowdo kombuyuutar adiga oo isticmaalaya furaha korontada. Boot diirran waa meesha aad isticmaasho ikhtiyaarka dib-u-kicinta kombuyuutarka adoo isticmaalaya ikhtiyaarka dib u bilaabista ee liiska xidhitaanka.

Qaboojinta RAM-ka

Tani waa khiyaano kale oo ku saabsan gacmaha tuugada. Waxay si fudud ugu buufin karaan walxaha qaar (tusaale: Nitrogen Liquid^{(Liquid Nitrogen)} ) modules RAM si ay isla markiiba u barafoobaan. Heerkulka hooseeyo, RAM dheer ayaa hayn kara macluumaadka. Isticmaalka khiyaamadan, waxay (hackers) si guul leh u dhamaystiri karaan Cold Boot Attack oo koobi karaan xogta ugu badan. Si loo dedejiyo hawsha, waxay adeegsadaan feylasha autorun ee nidaamka^(System) hawlgalka fudud ee ku yaala USB sticks ama kaadhadhka SD oo la xidho wax yar ka dib marka la xidho kombiyuutarka la jabsado.

Tallaabooyinka Weerarka Qabow

Khasab maaha in qof kastaa isticmaalo qaababka weerarka ee la mid ah kan hoose. Si kastaba ha ahaatee, inta badan tillaabooyinka caadiga ah ayaa hoos ku taxan.

1. Beddel xogta BIOS si aad ugu oggolaato in ^(BIOS)USB-ga^(USB) laga bilaabo marka hore
2. Geli ^(Insert)USB bootable kombayutarka su'aasha laga hadlayo
3. Si qasab ah u dami kombiyuutarka si uusan processor-ku u helin waqti uu ku furo furaha sirta ah ama xogta kale ee muhiimka ah; ogow in xidhidhiyaha saxda ah uu isna caawin karo laakiin laga yaabo in aanu ku guulaysan sida qasab lagu xidho adiga oo riixaya furaha korontada ama habab kale.
4. Sida ugu dhakhsaha badan, adoo isticmaalaya korantada si aad u qaboojiso kumbuyuutarka waa la jabsaday
5. Tan iyo markii goobaha BIOS la beddelay, OS-ka ku yaal usha USB waa la raray
6. Xataa iyadoo OS-kan la raraynayo, waxay si toos ah u socodsiiyaan hababka si ay u soo saaraan xogta ku kaydsan RAM .
7. Dib u dami kumbiyuutarka ka dib markaad hubiso kaydinta meesha aad ku kaydsan tahay (halka xogta la xaday lagu kaydiyo), ka saar USB OS Stick , oo ka bax

Waa maxay macluumaadka khatarta ugu jira Weerarada Boot Qabow^{(Cold Boot Attacks)}

Inta badan macluumaadka/xogta caadiga ah ee khatarta ku jirta waa furayaasha sirta diskka iyo furayaasha sirta ah. Caadiyan, ujeedada weerarka kabaha qabow waa in la soo saaro furayaasha sirta diskka si sharci darro ah, iyada oo aan oggolaansho loo haysan.

Waxyaabaha ugu dambeeya ee dhaca marka si sax ah loo xiro waa disk-yada oo laga soo dejiyo oo la isticmaalo furayaasha sirta ah si loo xafido si ay suurtogal u tahay in kombuyuutarku si lama filaan ah loo damiyo, xogta ayaa laga yaabaa inay weli diyaar u yihiin iyaga.

Ka ilaalinta naftaada weerarka qabow ee kabaha^{(Cold Boot Attack)}

Heer shakhsi ahaaneed, kaliya waxaad hubin kartaa inaad u dhowdahay kombiyuutarkaaga ilaa ugu yaraan 5 daqiiqo ka dib marka uu xirmo. Intaa waxaa dheer, hal taxaddar ayaa ah in si habboon loo xiro adigoo isticmaalaya liiska xiritaanka, halkii aad ka soo jiidi lahayd xadhigga korontada ama isticmaalka badhanka korontada si aad u damiso kombiyuutarka.

Wax badan ma qaban kartid sababtoo ah maaha arrin software inta badan. Waxay la xiriirtaa wax badan oo ku saabsan qalabka. Markaa shirkadaha qalabka wax soo saara waa in ay qaadaan tallaabada ay uga saarayaan dhammaan xogta RAM sida ugu dhaqsaha badan kaddib marka kombayutarka la damiyo si ay kaaga ilaaliyaan weerarka qabow ee kabaha.

Kumbuyuutarrada qaar ayaa hadda dib u qoraa RAM ka hor inta aan gebi ahaanba la xidhin. Weli, suurtagalnimada xidhitaan qasab ah ayaa had iyo jeer jirta.

Farsamada ay isticmaasho BitLocker waa in ay isticmaasho PIN si ay u gasho RAM . Xitaa haddii kombuyuutarku uu ahaa mid la qaboojiyey (xaalad damisay kumbiyuutarka), marka isticmaaluhu ka kiciyo oo uu isku dayo inuu galo wax, marka hore waa inuu galo PIN si uu u galo RAM . Habkani sidoo kale maaha mid nacasnimo caddaynaya sababtoo ah hackers-ku waxay heli karaan PIN - ka iyagoo isticmaalaya mid ka mid ah hababka Phishing ama injineernimada bulshada^{(Social Engineering)} .

Soo koobid

Korku wuxuu sharxayaa waxa uu yahay weerarka kabaha qabow iyo sida ay u shaqeyso. Waxaa jira xaddidaadyo ay sabab u tahay 100% ammaanka aan la bixin karin ka hortagga weerarka kabaha qabow. Laakiin inta aan ogahay, shirkadaha ammaanku waxay ka shaqeynayaan sidii ay u heli lahaayeen hagaajin ka wanaagsan sidii ay si fudud dib ugu qori lahaayeen RAM ama u isticmaali lahaayeen PIN si ay u ilaaliyaan waxa ku jira RAM .

Hadda akhri^{(Now read)} : Waa maxay Weerarkii Dabka^{(What is a Surfing Attack)} ?

What is a Cold Boot Attack and how can you stay safe?

Cold Boot Attack is yet another method used to steal data. The only thing special is that they have direct access to your computer hardware or the whole computer. This article talks about what is Cold Boot Attack and how to stay safe from such techniques.

What is Cold Boot Attack

In a Cold Boot Attack or a Platform Reset Attack, an attacker who has physical access to your computer does a cold reboot to restart the machine in order to retrieve encryption keys from the Windows operating system

They taught us in schools that RAM (Random Access Memory) is volatile and cannot hold data if the computer is switched off. What they should have told us should have been …cannot hold data for long if the computer is switched off. That means, RAM still holds data from few seconds to few minutes before it fades out due to lack of electricity supply. For an ultra-small period, anyone with proper tools can read the RAM and copy its contents to a safe, permanent storage using a different lightweight operating system on a USB stick or SD Card. Such an attack is called cold boot attack.

Imagine a computer lying unattended at some organization for a few minutes. Any hacker just has to set his tools in place and turn off the computer. As the RAM cools down (data fades out slowly), the hacker plugs in a bootable USB stick and boots via that. He or she can copy the contents into something like the same USB stick.

Since the nature of the attack is turning off the computer and then using the power switch to restart it, it is called cold boot. You might have learned about cold boot and warm boot in your early computing years. Cold boot is where you start a computer using the power switch. A Warm Boot is where you use the option of restarting a computer using the restart option in the shutdown menu.

Freezing the RAM

This is yet another trick on the sleeves of hackers. They can simply spray some substance (example: Liquid Nitrogen) on to RAM modules so that they freeze immediately. The lower the temperature, the longer RAM can hold information. Using this trick, they (hackers) can successfully complete a Cold Boot Attack and copy maximum data. To quicken the process, they use autorun files on the lightweight Operating System on USB Sticks or SD Cards that are booted soon after shutting down the computer being hacked.

Steps in a Cold Boot Attack

Not necessarily everyone uses attack styles similar to the one given below. However, most of the common steps are listed below.

1. Change the BIOS information to allow boot from USB first
2. Insert a bootable USB into the computer in question
3. Turn off the computer forcibly so that the processor doesn’t get time to dismount any encryption keys or other important data; know that a proper shutdown may too help but may not be as successful as a forced shut down by pressing the power key or other methods.
4. As soon as possible, using the power switch to cold boot the computer being hacked
5. Since the BIOS settings were changed, the OS on a USB stick is loaded
6. Even as this OS is being loaded, they autorun processes to extract data stored in RAM.
7. Turn off the computer again after checking the destination storage (where the stolen data is stored), remove the USB OS Stick, and walk away

What information is at risk in Cold Boot Attacks

Most common information/data at risk are disk encryption keys and passwords. Usually, the aim of a cold boot attack is to retrieve disk encryption keys illegally, without authorization.

The last things to happen when in a proper shutdown are dismounting the disks and using the encryption keys to encrypt them so it is possible that if a computer is turned off abruptly, the data might still be available for them.

Securing yourself from Cold Boot Attack

On a personal level, you can only make sure that you stay near your computer until at least 5 minutes after it is shut down. Plus one precaution is to shut down properly using the shutdown menu, instead of pulling the electric cord or using the power button to turn off the computer.

You can’t do much because it is not a software issue largely. It is related more to the hardware. So the equipment manufacturers should take the initiative to remove all data from RAM as soon as possible after a computer is turned off to avoid and protect you from cold boot attack.

Some computers now overwrite RAM before completely shut down. Still, the possibility of a forced shutdown is always there.

The technique used by BitLocker is to use a PIN to access RAM. Even if the computer has been hibernated (a state of turning off the computer), when the user wakes it up and tries to access anything, first he or she has to enter a PIN to access RAM. This method is also not fool-proof as hackers can get the PIN using one of the methods of Phishing or Social Engineering.

Summary

The above explains what a cold boot attack is and how it works. There are some restrictions due to which 100% security cannot be offered against a cold boot attack. But as far as I know, security companies are working to find a better fix than simply rewriting RAM or using a PIN to protect the contents of RAM.

Now read: What is a Surfing Attack?

Related posts

• Sida gacanta loogu sahlo Retpoline Windows 10

• Sida loogu wargaliyo Bug, Arrin ama Nuglaanta Microsoft

• Weerarada Nuglaanta Afduubka DLL, Kahortagga & Ogaanshaha

• CSS Exfil Ilaalinta biraawsarka kordhinta waxay bixisaa CSS Exfil weerar nuglaanta

• Iskaanka Guriga Bitdefender: Ka baadh shabakadaada guriga si aad u hesho dayacan

• Sida loo bootiyo ama loo hagaajiyo kumbuyuutarka Windows iyadoo la isticmaalayo Rakibaadda Warbaahinta

• Hagaaji PXE-E61, Fashilka Tijaabada Warbaahintu, Hubi qaladka kabaha fiilada ee Windows 11/10

• Ku soo celi oo soo celi Qaybta Bootka & MBR oo leh HDHacker

• Daaqadaha ayaa ku guul darraystay in ay bootiyaan; Dayactirka Bilawga Tooska ah, Dib u dajinta PC wuu guuldarraystay, wuu socdaa

• Dib u hagaajinta khaladaadka saxanka, Tani waxay qaadan kartaa saacad in la dhamaystiro

• Sida loo hagaajiyo Start PXE IPV4 gudaha Windows 11/10

• Sida loo isticmaalo Avast Boot Scan si looga saaro Malware-ka Windows PC

• Sida loo damiyo Secure Boot gudaha Windows 11/10

• Hagaaji BOOTMGR waa la cufan yahay - Windows 10 qalad bilawga ah

• Beddel jihada duubista Mac trackpad-ka ee Windows Dual Boot

• Hagaaji koodka qaladka Motherboard-ka 99 kombayutarada Windows

• Codsiga wuxuu ku guuldareystay inuu si sax ah u bilaabo (0xc0000135)

• Ku ilaali Diiwaanka Bootka Master-ka ee kombuyuutarkaaga sifeeyaha MBR

• Sida loo geliyo Windows UEFI ama BIOS firmware

• Sida loo geliyo wakhtiga boot-ka iyo samaynta Boot Trace gudaha Windows 10