Boot Jacker


Unformatted text preview:

BootJacker Compromising Computers using Forced Restarts Ellick M Chan Jeffrey C Carlyle Francis M David Reza Farivar Roy H Campbell Department of Computer Science University of Illinois at Urbana Champaign 201 N Goodwin Ave Urbana IL 61801 2302 emchan jcarlyle fdavid farivar2 rhc illinois edu ABSTRACT BootJacker is a proof of concept attack tool which demonstrates that authentication mechanisms employed by an operating system can be bypassed by obtaining physical access and simply forcing a restart The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot Upon a reboot BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads Using BootJacker an attacker can break into a locked user session and gain access to open encrypted disks web browser sessions or other secure network connections BootJacker s non persistent design makes it possible for an attacker to leave no traces on the victim machine Categories and Subject Descriptors D 4 6 Operating Systems Security General Terms Security Keywords Security attacks memory remanence 1 INTRODUCTION A plethora of security schemes have been deployed to protect information on computer systems that are vulnerable to physical theft or unauthorized access Most systems minimally employ an authentication system that requires the user to enter a password before granting access to the system Many systems also employ console or screen saver locks that require re authentication if the user session has been idle for some period of time Modern systems are capable of encrypting network connections and the contents of secondary storage for additional protection To ensure secrecy encryption keys used in such systems are typically not generated until after the user has successfully logged in Once created these keys Permission to make digital or hard copies of all or part of this work for personal or

Loading Unlocking...

Join to view Boot Jacker and access 3M+ class-specific study document.

We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Boot Jacker and access 3M+ class-specific study document.


By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?