Practical cold boot attack on IoT device - Case study on Raspberry Pi -

Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist f...

Full description

Saved in:
Bibliographic Details
Main Authors: Won, Yoo-Seung, Park, Jong-Yeon, Han, Dong-Guk, Bhasin, Shivam
Other Authors: 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits
Format: Conference or Workshop Item
Language:English
Published: 2021
Subjects:
Online Access:https://hdl.handle.net/10356/147144
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:Volatile memory like SDRAM, forms an integral part of any computer system. It stores variety of data including sensitive data like passwords and PIN. The data stored in SDRAM is wiped off on power-off. However, by bringing the RAM to freezing cold temperature before power off, the data can persist for several seconds, allowing recovery through cold boot attacks. In this work, we investigate the vulnerability of IoT device such as Raspberry Pi against cold boot attack for the first time. Our study found that even though the boot sequence is different from laptop, personal computer, and smartphone, we demonstrate that it is still possible to steal the RAM data, even when the bootloader is not public. The net cost of the attack was under 10 dollars and 99.99% of the RAM data was successfully recovered.