Visible to the public Biblio

Filters: Author is Chan, Ellick M.  [Clear All Filters]
2017-05-18
Chan, Ellick M., Carlyle, Jeffrey C., David, Francis M., Farivar, Reza, Campbell, Roy H..  2008.  BootJacker: Compromising Computers Using Forced Restarts. Proceedings of the 15th ACM Conference on Computer and Communications Security. :555–564.

BootJacker is a proof-of-concept attack tool which demonstrates that authentication mechanisms employed by an operating system can be bypassed by obtaining physical access and simply forcing a restart. The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot. Upon a reboot, BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads. Using BootJacker, an attacker can break into a locked user session and gain access to open encrypted disks, web browser sessions or other secure network connections. BootJacker's non-persistent design makes it possible for an attacker to leave no traces on the victim machine.