| Title | BootJacker: Compromising Computers using Forced Restarts |
| Publication Type | Conference Paper |
| Year of Publication | 2008 |
| Authors | Chan, Ellick, Carlyle Jeffrey C., David Francis M., Farivar Reza, and Campbell Roy H. |
| Conference Name | Conference on Computers and Communications Security |
| Pagination | 555-564 |
| Publisher | ACM |
| Conference Location | Alexandria, Virginia, USA |
| Publication Language | eng |
| ISBN Number | 978-1-59593-810-7 |
| Keywords | security, memory remanence, attacks |
| Abstract | BootJacker is a proof-of-concept attack tool which demonstrates that authentication mechanisms employed by an operating system can be bypassed by obtaining physical access and simply forcing a restart. The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot. Upon a reboot, BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads. Using BootJacker, an attacker can break into a locked user session and gain access to open encrypted disks, web browser sessions or other secure network connections. BootJacker's non-persistent design makes it possible for an attacker to leave no traces on the victim machine. |
| Custom 1 | New York, NY, USA |
| Custom 2 | 2008 |
| Citation Key | 230 |
Submitted by rhc on Thu, 03/26/2009 - 22:28