BootJacker: Compromising computers using forced restarts

Ellick M. Chan, Jeffrey C. Carlyle, Francis M. David, Reza Farivar, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution


BootJacker is a proof-of-concept attack tool which demonstrates that authentication mechanism', employed by an operating 'ystem can be bypassed by obtaining physical access and simply forcing a restart. The key insight that enables this attack is that the contents of memory on some machines are fully preserved across a warm boot. Upon a reboot, BootJacker uses this residual memory state to revive the original host operating system environment and run malicious payloads. Using BootJacker, an attacker can break into a locked user session and gain access to open encrypted disks, web browser sessions or other secure network connections. BootJacker's non-persistent design makes it possible for an attacker to leave no traces on the victim machine.

Original languageEnglish (US)
Title of host publicationProceedings of the 15th ACM Conference on Computer and Communications Security, CCS'08
Number of pages10
StatePublished - Dec 1 2008
Event15th ACM conference on Computer and Communications Security, CCS'08 - Alexandria, VA, United States
Duration: Oct 27 2008Oct 31 2008

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other15th ACM conference on Computer and Communications Security, CCS'08
Country/TerritoryUnited States
CityAlexandria, VA


  • Attacks
  • Memory remanence
  • Security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'BootJacker: Compromising computers using forced restarts'. Together they form a unique fingerprint.

Cite this