BootJacker: Compromising Computers Using Forced Restarts
| Title | BootJacker: Compromising Computers Using Forced Restarts |
| Publication Type | Conference Paper |
| Year of Publication | 2008 |
| Authors | Chan, Ellick M., Carlyle, Jeffrey C., David, Francis M., Farivar, Reza, Campbell, Roy H. |
| Conference Name | Proceedings of the 15th ACM Conference on Computer and Communications Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-59593-810-7 |
| Keywords | attacks, memory remanence, pubcrawl, remanence, Resiliency, security |
| Abstract | BootJacker is a proof-of-concept attack tool which demonstrates that authentication mechanisms employed by an operating system can be bypassed by obtaining physical access and simply forcing a restart. The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot. Upon a reboot, BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads. Using BootJacker, an attacker can break into a locked user session and gain access to open encrypted disks, web browser sessions or other secure network connections. BootJacker's non-persistent design makes it possible for an attacker to leave no traces on the victim machine. |
| URL | http://doi.acm.org/10.1145/1455770.1455840 |
| DOI | 10.1145/1455770.1455840 |
| Citation Key | chan_bootjacker:_2008 |