Response to Cold Boot Attack Report
A recently published report from Princeton University highlights a scenario whereby contents that reside in the computer’s memory can be accessed by a targeted, third-party attacker if the system is in a powered-on state — using cold reboot procedures to access data in the DRAM.
As pointed out in the report, full-disk encryption products that employ pre-boot authentication are not at risk from this type of attack unless authentication has taken place and the machine was left in a powered-on state. A PC in “sleep” or “standby” mode is considered in a “powered-on” state and PCs in these states may be vulnerable to an attack similar to that noted in the Princeton report. Conversely, machines that are in “hibernation" mode are effectively powered off, thus immune to this attack after the few seconds the RAM takes to dissipate.
SafeBoot solutions include a multi-layered approach to data protection that includes full, hard-disk encryption, individual file-and-folder encryption, container-based encryption, and, multi-factor authentication measures (or any combination of these solutions — based on the desired level of data security) along with a single security policy management control center to ensure data, on a PC or on the move, remains secure — whereby reducing the vulnerability exploited in the Princeton report.
Because we take data security very seriously, SafeBoot also ensures that our products are EAL4 and FIPS 140-2-certified, ensuring our software addresses vulnerabilities before they affect end users.
At SafeBoot, we work closely with our clients to enable them to balance data security and usability in their unique environment. We welcome any opportunity to discuss ways to improve data security while maintaining usability among our clients and other organizations interested in protecting valuable data.
Media Contact for SafeBoot International:
| Non-EMEA / APAC |
| Eric Sommerton |
| eric.sommerton@safeboot.com |
| +1.239.430.0386 |
