Robot can rip the data out of RAM chips with chilling technology Cold boot attacks, in which memory chips can be chilled and data including encryption keys plundered, were demonstrated way back in 2008 – but they just got automated. That original type of attack has been improved and automated in the form of a memory-pilfering machine that can be yours for around $2,000, with a bit of self- …
....at the sheer ingenuity displayed by this work.
It is reasonable to assume that a very well financed organization, maybe one with a three letter name, has already figured this out. This may explain the otherwise inexplicable reasoning behind China's ban on Micron memory "for security reasons". Although if Micron were particularly vulnerable to attack then its likely that other memory suppliers were also vulnerable.
>>This may explain the otherwise inexplicable reasoning behind China's ban on Micron memory "for security reasons".
Alternatively the PRC could have banned Micron memory because it, in some use case, is encrypted and they can't use this technique to read the DRAM of some device they want to, err, security check?
This post has been deleted by its author
No visible legs on the chip for their spring clip thingy to attach to in the milliseconds they have available. I guess if you have the access and the time you could de-solder them from the board and stick some extension legs in between it and the board, then do the freezy thing.
It makes it impossible to get to the pins without removing the chip from the board.
I for one previously assumed this made the freeze attack impossible, as desoldering the BGA requires very hot balls - which one would expect to defeat the attack.
It appears that I was mistaken, this is most impressive.
This is lovely tech but the conditions required to make this work are at best special.
This is only going to be useful in a small number of extreme use cases, and it's not exactly portable or ready for mass deployment, especially with all the cryo gear and the specialised knowledge to make it all work and benefit from the output.
Cool (sorry) theoretical exercise but not practical.
Stealing IP or secrets is always of benefit to certain actors.
I've seen Flash with the top of the package removed, wires soldered on and connected to an ICE. It was thrown together to prove to manglement how easy it was. After that (and in a more sophisticated manner, due to trace length and buffering) the engineers put the processor into halt and interrogated the RAM (cold can also be used to extend refresh cycles).
FPGA/CPLD is a step harder as most use encrypted configurations.
Given enough manpower and motivation anything is possible. Governments and TLAs have plenty of both and even modest size companies can enter the game.
Every PLC [programmable logic controller] CPU on the planet effectively. A lot of the critical infrastructure embedded things that we depend on, almost none of them are addressing this kind of attack
If you have physical access to the PLC you don't need this for attack. What it might help with is making signed binaries for remote loading, but really the elephant in the room here is the simple fact you can remotely load a binary. At that point you have a massive security failing already.
Games are a little different, you might want to run your own code on your own hardware and the bastards have locked it down, this allows DRM bypass with a bit of really cool effort.
Yes, my joke is as bad at the other commentard =>
This is an interesting hack. Thankfully, not easy to implement, as you need physical access to the device being hacked. Hopefully, any company with halfway decent physical security will have some protection.
That said, there *are* people (especially those working for the various intelligence agencies) who are *very* good at getting hardware or software (on physical media) into a server room without being noticed.
"That said, there *are* people (especially those working for the various intelligence agencies) who are *very* good at getting hardware or software (on physical media) into a server room without being noticed."
While true, I suspect even a special custom built robot, reader and the cryo gear might be a tad more difficult, even for "them" :-)
They probably already have easier ways.
As true as this may be, I wonder - if you find the same model of controller as the place you want to attack, then use this technique on that controller, can it help you find a way past the controller while on site, without needing access to it? (Especially if there's any glaringly obvious back doors in the code, like how to put the door controller into maintenance mode, etc?)
Imagine that the icon on the right has the alt text of "cool idea, but way past my pay grade" =>
"It doesn't necessarily increase the security of the product, but it does make... reverse engineering the device a whole lot more difficult. It's kind of just wasting time, getting around some of these hardware things."
That's like saying having good quality lock on your door doesn't improve security because all it does is make breaking in a lot harder and more time consuming.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
