Check Point Security Advisory - Cold Boot Attack

A recent study by researchers at Princeton University describes a method to leverage the characteristics of DRAM, found in most computers, to gain access to encryption keys and unlock some common disk encryption products. It is very important to note that this is an attack on the hardware. Additionally, while there is no known successful attack on the Check Point Full Disk Encryption product, we are taking the results of this study very seriously.

Known as the “Cold Boot Attack,” this process is dependent upon several factors coming together in a short and ideal sequence, making this more of a theoretical scenario and very impractical. First, the attacker must gain physical possession of the computer either while it is running or within a few minutes of shutting down. Then the memory must be dramatically cooled down in order to sustain the contents for any meaningful length of time so it can be copied in its entirety. Next, a program must be run to identify and extract the encryption keys from 1GB+ of memory, assuming that the data hasn’t degraded already. Lastly, the attacker must successfully apply the keys to unlock the disk encryption.

These research findings reinforce the fact that all security, from firewalls to physical security, is developed to mitigate specific threats. Gaining strong and complete security in any given environment requires a combination of security products and policies that address all the potential threats to which sensitive information may be subject. This is even truer when protecting sensitive information that resides on modern endpoint devices.

The most interesting element of this particular attack is that it works during the period between powering off a computer and several minutes after shutdown, after which the information stored in memory completely degrades and disappears. In light of this, the memory chip has become the weak link in security, as modern DRAM chips do not clear the information they store the instant a computer is powered off.

Knowing that, in a practical sense, this is an attack of opportunity, the award-winning and highly certified Check Point Full Disk Encryption solution remains a very effective data security measure when used in the context of security best practices, including the physical security of endpoint devices.

With this said, Check Point has assigned the highest priority to this security issue, initiated a full investigation of the study results and assigned development resources to identify an appropriate remedy based on the findings. In the short period of time since this research announcement, our R&D team has already uncovered software-based enhancements that can make the Cold Boot Attack much more difficult.

In the near term, we strongly recommend the following:

  • Maintain strong physical security practices for business computers
  • When possible, use hibernation instead of sleep/stand-by mode
  • Power down computers when not in use

Over the next several weeks, our R&D team will take a complete look at all options and will quickly implement the best solution to address this discovery. If you have any questions in the interim, please contact your Check Point representative.