TRENDING ON ONEINDIA
- UK Court Orders Vijay Mallya's Extradition; CBI Welcomes Decision
- Hockey World Cup 2018 — Catch The Latest Updates
- PUBG Mobile — Watch The New Live-Action Trailer
- Tata Nexon Crash Test Global NCAP — Five Stars And Officially Becomes The Safest Car In India!
- SBI, HDFC Bank Loans To Get Costlier As Lenders Increase MCLR
- Sara Ali Khan Has Inspired Us To Keep It Casual-glam For The Next Party
- To Gorkhey — A Homestay Trek In The Himalayas
- These Unseen Pics From 'NickYanka's Weddings Scream Love!
F-Secure, a security firm has discovered a new firmware security flaw that affects the modern PCs and Macs. This security flaw is said to subject the data in modern computers at risk. Consultants from F-Secure have discovered a weakness in the modern computers that allow hackers steal encryption keys and other sensitive data. And, they warn the PC vendors as well as users that the current security measures cannot protect the data in the lost or stolen laptops.
F-Secure Principal Security Consultant Olle Segerdahl says that attackers need physical access to the computer to exploit the weakness. But once the access is obtained, the adversary can attack the device successfully in less than 5 minutes.
He further adds that organizations are not prepared to protect themselves from the attacker with access to a company computer. And when a security issue is found in devices from major PC makers like the weakness recently found, you need to assume that a lot of companies have a weak link in their security. But they aren't aware of the same or prepared to handle it.
Cold boot attack
This security flaw lets attackers with the physical access to a PC perform a cold boot attack, which is known since 2008. Cold boot attacks involve rebooting the computer following a proper shutdown process and recovering the data that is briefly accessible in the RAM once the power is lost. The modern-day laptops overwrite the RAM to prevent such attacks. However, the team has discovered a way to disable the overwrite process and carry out the cold boot attack.
Though this process takes extra steps as compared to the cold boot attack, it is claimed to be effective to steal data from the modern laptops. This type of threat is relevant in scenarios where the laptops are stolen or obtained illicitly. Cold boot attacks can be performed by booting a special program off a USB stick.
He further notes that this attack work against the laptops used by companies so there is no reliable way for the companies to know if their data is safe even if a computer is missing. As 99% of the company laptops will have access credentials to the corporate networks, the hackers get a reliable way to compromise the corporate targets. And, there is no easy fix for this issue leaving the companies to address it on their own.
Companies should be prepared
As an immediate fix is not likely, he recommends that companies prepare to face these attacks. One such way is to configure the laptops to shut down or hibernate automatically instead of using the sleep mode. Also, it is important to educate the employees who travel about the cold boot attacks. And, the IT department should have a response plan to deal with the issue of stolen laptops.