Skip to main content


Home Cold boot attack

Cold boot attack

(also hard boot attack, cold start attack, dead start attack)

Cold boot attack definition

A cold boot attack is a type of cyber attack that targets the contents of a computer's random access memory (RAM) when the system is rebooted from a completely “cold” state. For example, when it is powered on after being turned off.

During a cold boot attack, an attacker gains access to a computer's RAM by physically removing it and placing it in another computer or by rebooting the computer with a specially crafted bootable device. By doing so, the attacker can recover encryption keys, login credentials, and other sensitive data that may have been stored in the RAM before the system was shut down.

See also: cold boot, hard reset

Occurrence of cold boot attacks

Cold boot attacks are relatively rare compared to other types of cyber attacks, primarily because they require physical access to the targeted system or component. However, they can still occur in certain situations, particularly when the attacker has specific knowledge of the targeted system and its vulnerabilities.

In recent years, several high-profile incidents involving cold boot attacks have been reported. For example, in 2018, researchers from the University of Cambridge demonstrated a new variant of the cold boot attack that could be used to bypass certain hardware-based protections, such as Intel's SGX technology. This vulnerability affected millions of devices worldwide.

In 2015, a group of hackers known as “Equation Group” was discovered to be using a variety of advanced cyber attack techniques, including cold boot attacks, to target high-value targets such as governments, military organizations, and financial institutions.

Overall, while cold boot attacks are relatively uncommon, they remain a serious threat to computer security and can have significant consequences for organizations and individuals if not properly addressed. As a result, it is important to implement appropriate security measures, such as encrypting data at rest and in transit, using secure boot options, and physically securing computer systems and components to prevent unauthorized access.