Too bad the author did not provide hardware specs. Such an attack is even harder on DDR4 and DDR5 memory, and most publications refer to legacy RAM such as DDR3.
> In my experience I have had the most success restarting the system while Windows is loading but before the login screen has appeared, at least in the case of finding FVEK keys.
So what is this? It was supposed to be a memory attack and he's dumping the keys after someone unlocked it and it's booting?
So this is just another theoretical attack where perfect conditions must be met.
This attack has nothing to do with the memory type; memory is never made cold or allowed to decay. The system is hot-restarted into UEFI. Ideally no memory refreshes are skipped.
I do wish they provided the hardware specs too, though, as this reflects an incorrect UEFI platform implementation of MOR.
You are right, but I still have no idea what the point of this article is.
The guy unlocked BitLocker, then restarted the PC just before the login screen appeared. He said that's when he had the most success. What sense does it make to restart and start looking for the key in memory, when BitLocker has just been unlocked?
I steal your Windows laptop. I want your data. I don't have your credentials, so I can't log in to Windows. I let your laptop boot to the point where BitLocker is automatically unlocked, perform a hard reboot, dump the RAM, extract the keys, and can now decrypt your drive and extract your data.
> What sense does it make to restart when bitlocker has been just unlocked.
You steal a laptop. You turn on the laptop. You reboot it into UEFI and steal the keys. This is bad for BitLocker. Ideally this is not possible because the MOR bit should cause the keys to be erased by the platform initialization before boot-from-USB is possible.
BitLocker is unlocked before you reach the login screen.
If I understand correctly, you need to start the PC, reboot just before the login screen appears, and boot to a USB application, which will copy the memory content.
You seem to think it's common to require a separate BitLocker unlock step. In reality, this is extremely rare: the vast majority of users have no idea about any of this and have BitLocker set to automatically unlock during system power on.
So this is a viable attack on many, many real-world systems. Adding a BitLocker password/PIN is a mitigation that prevents this attack.
Note that BitLocker is still very useful even in this mode: it guarantees that someone who steals your laptop can't just connect the disk to another system and read everything on it, unless they can actually extract the keys from RAM, or bypass Windows authentication - this attack allows them to do the former relatively easily.
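
A defender-side check for the configuration discussed above, added here as an example and not posted by anyone in the thread: it lists each operating system volume and reports whether BitLocker unlocks with the TPM alone or requires a pre-boot PIN. The function name `Get-BitLockerPreBootAudit` is hypothetical; `Get-BitLockerVolume` is the built-in Windows cmdlet and needs an elevated session.

```powershell
# Added example (not from the thread): audit OS volumes for TPM-only BitLocker unlock.
# Get-BitLockerPreBootAudit is a hypothetical helper name chosen for this example.
# Run in an elevated PowerShell session on Windows; uses the built-in BitLocker module.
function Get-BitLockerPreBootAudit {
    # Only the operating system volume is unlocked automatically during boot.
    $osVolumes = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }

    foreach ($vol in $osVolumes) {
        # Collect protector type names, e.g. Tpm, TpmPin, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        if ($vol.ProtectionStatus -ne 'On') {
            $finding = 'Protection is off or suspended'
        }
        elseif ($types -contains 'Tpm') {
            # A bare Tpm protector releases the key at power-on with no user input,
            # so the key is in RAM before the login screen appears.
            $finding = 'TPM-only: unlocks without a pre-boot secret'
        }
        elseif ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
            $finding = 'Pre-boot PIN required before the key is released'
        }
        else {
            $finding = 'No TPM-only protector found; review the protector list manually'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Status     = $vol.ProtectionStatus
            Protectors = ($types -join ', ')
            Finding    = $finding
        }
    }
}

Get-BitLockerPreBootAudit | Format-Table -AutoSize -Wrap
```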
Telegram outright refuses to comply with any records requests not related to child abuse or terrorism, and even those they often delay and only release phone numbers and IP addresses. They have the data and basically use grand scale legal gamesmanship to avoid data requests. See https://www.spiegel.de/netzwelt/apps/telegram-gibt-nutzerdat... or even their own official policy https://telegram.org/privacy?setln=it#8-3-law-enforcement-au.... If you actually have the data to turn over you can't do this legally.
> Direct involvement with scams? You got to be kidding me. This guy is worth 15 billion USD, he does need to do anything.
I have no knowledge about this and make no assumptions about whether or not he is involved in any kind of financial misconduct - but there are many cases of very rich people doing risky and illegal things to further grow their wealth, despite already having more than enough money.
Exploration geophysics (large area mapping in search of resources) loses money hand over fist .. it's like sinking money into lottery tickets .. and yet billionaires routinely dabble in it and a few own companies that take on contract work, lose money and act as tax write offs for other parts of their business.
It's about the contacts and the advance inside knowledge.
Circling back to an alleged "pedo web ring" ala, say, Epstein .. the big pay off wouldn't be connected to "services" and charging access to view materials, the real money (if any was being made) would be in "blackmail" and "quid pro quo" investment information etc.
Once a few whales are landed, say past and future POTUS candidates, C-Suites of mega tech companies, bankers, etc. what limit is there on making money from tips in exchange for keeping a few secrets?
I have zero knowledge re: the Telegram founder and any of this, but history is littered with rumours of elite clubs, cosy financial arrangements and getting away with the breaking of conventional rules. (eg: one example: https://en.wikipedia.org/wiki/Westminster_paedophile_dossier)
This is a good point. It doesn't have to be Mullvad but it's almost guaranteed based on what we've seen in history (see CIA + Swiss crypto company) that some of the major VPN providers are managed by intelligence agencies. Either VPN companies were bought via shell companies after reaching a certain market share or they were even developed from scratch.
This is a step closer; after a few more steps they'll make sure only those "approved" companies can operate an email server... leading to more internet centralization.
Today, I read somewhere while looking at the ProtonMail case comments that Switzerland has quite extensive surveillance laws which include the possibility of logging the whole country's inbound and outbound traffic for a period of 6 months.
If they really cared about anonymity ProtonMail would ship their mobile app with bundled TOR. Especially the mobile version, since plenty of non-tech-savvy people use mobile only.
Well, if that matters, nothing stops _any_ email service provider from doing those things. And I would prefer a provider that at least tries to be clear about what to expect. One thing that PM failed to account for is how many people live in an imaginary world where it is possible to run a business that is stable and profitable on one hand, and on the other hand fights for other people's freedom at its own expense and is constantly in conflict with local authorities.