logoalt Hacker News

dengtoday at 4:57 PM2 repliesview on HN

> Anyone with physical access. I think it is understandable from the phrase.

Sorry, I'm probably dense, I still don't get it. You steal a laptop, you open it, the screen is locked with a password/fingerprint whatever. How do you read out the RAM from that laptop?


Replies

IngoBlechschmidtoday at 5:01 PM

Several options. One is you restart and boot from a live system where you are root, and then dump all memory. This is described in the paper with the witty title "Lest We Remember: Cold Boot Attacks on Encryption Keys":

https://www.usenix.org/legacy/event/sec08/tech/full_papers/h...

Other options: DMA attacks. Also you never know what the Intel Management Engine hidden in your computer is doing. It's running a version of Minix you don't have any control over, and it has full access to memory.

john_strinlaitoday at 4:59 PM

>How do you read out the RAM from that laptop?

the term to look up is "cold boot attack" (https://en.wikipedia.org/wiki/Cold_boot_attack).

tons of cool live demonstrations of how it works on youtube if you've got the 20-40 minutes to spare

show 1 reply