Nytro, posted October 29, 2015

nullcon Goa 2015: Cold Boot Attack on DDR2 and DDR3 RAM by Marko Schuba

Published on Jun 17, 2015

Cold boot attacks enable access to the volatile memory of computers which are in a running state or have just been disconnected from power. The attack makes use of the remanence effect of DRAM: data in memory is not immediately erased after loss of power; it is slowly disappearing. Even after a minute without refresh, data can be found in DRAM. The approach can for instance be used to recover hard disk encryption keys of a locked computer.

In the paper, cold boot attacks on DDR2 and DDR3 RAM and their results are presented. While attacks on DDR2 have been demonstrated in the past, attacks on DDR3 have been less successful. The authors explain how they attacked DDR3 RAM of various types and manufacturers. While many PC mainboards overwrite DDR3 before they are powered off, this is not the case for the board of the ASUS Notebook P53E which was used in our experiments. As a result, memory content could be extracted with a measured bit error rate between 0.0007% and 0.07%. For one DDR3 type an attack without cooling was possible, even though the error rate in that case was high (around 80%).

Additional analyses of the experimental results revealed that error rates strongly depend on the address space of DRAM. For example, one DRAM type had clear 64 kB memory block boundaries: while some blocks had bit error rates of 6% or 3%, others had 0% error rate. Other DRAM types also showed different error rates for different areas. The effect is most likely related to the initial state of the respective DRAM type.
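The per-block error analysis described in the abstract can be reproduced on any pair of memory images. The following is an added example, not code from the post or the paper: it computes the bit error rate for each 64 kB block and splits the flips by direction, which indicates the state a block decays toward. The function names, the sample image and the decay counts are assumptions constructed for illustration.

```python
import random

BLOCK = 64 * 1024  # 64 kB block size reported in the abstract


def popcount(x: int) -> int:
    return bin(x).count("1")


def block_error_profile(reference: bytes, recovered: bytes, block: int = BLOCK):
    """Per block: offset, bit error rate in percent, and flip counts by direction."""
    if len(reference) != len(recovered):
        raise ValueError("images must have the same length")
    profile = []
    for off in range(0, len(reference), block):
        ref_chunk = reference[off:off + block]
        ref = int.from_bytes(ref_chunk, "big")
        rec = int.from_bytes(recovered[off:off + block], "big")
        one_to_zero = popcount(ref & ~rec)   # bit was 1 in reference, read back 0
        zero_to_one = popcount(~ref & rec)   # bit was 0 in reference, read back 1
        ber = 100.0 * (one_to_zero + zero_to_one) / (8 * len(ref_chunk))
        profile.append({"offset": off, "ber_percent": ber,
                        "one_to_zero": one_to_zero, "zero_to_one": zero_to_one})
    return profile


def constructed_sample(seed: int = 1):
    """Constructed test data (not measurements): three 64 kB blocks with known decay."""
    rng = random.Random(seed)
    # Block 0 holds all ones, block 1 all zeros, block 2 a random pattern.
    pattern = rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")
    reference = b"\xff" * BLOCK + b"\x00" * BLOCK + pattern
    recovered = bytearray(reference)
    # Assumed decay: 3000 bits of block 0 fall to 0, 1500 bits of block 1 rise to 1,
    # block 2 is left intact (the 0% case).
    for base, count, to_one in ((0, 3000, False), (BLOCK, 1500, True)):
        for bit in rng.sample(range(8 * BLOCK), count):
            byte, mask = base + bit // 8, 1 << (bit % 8)
            if to_one:
                recovered[byte] |= mask
            else:
                recovered[byte] &= ~mask & 0xFF
    return reference, bytes(recovered)


if __name__ == "__main__":
    ref, rec = constructed_sample()
    for row in block_error_profile(ref, rec):
        print(f"0x{row['offset']:06x}  BER {row['ber_percent']:.4f}%  "
              f"1->0 {row['one_to_zero']}  0->1 {row['zero_to_one']}")
```

A block whose flips run almost entirely in one direction is decaying toward a fixed ground state, so its measured error rate depends on how many stored bits differed from that state to begin with.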