New security flaw discovered; targets modern PCs and Macs

Data on your computer or laptop could be at risk.

    F-Secure, a security firm has discovered a new firmware security flaw that affects the modern PCs and Macs. This security flaw is said to subject the data in modern computers at risk. Consultants from F-Secure have discovered a weakness in the modern computers that allow hackers steal encryption keys and other sensitive data. And, they warn the PC vendors as well as users that the current security measures cannot protect the data in the lost or stolen laptops.

    New security flaw discovered; targets modern PCs and Macs

     

    F-Secure Principal Security Consultant Olle Segerdahl says that attackers need physical access to the computer to exploit the weakness. But once the access is obtained, the adversary can attack the device successfully in less than 5 minutes.

    He further adds that organizations are not prepared to protect themselves from the attacker with access to a company computer. And when a security issue is found in devices from major PC makers like the weakness recently found, you need to assume that a lot of companies have a weak link in their security. But they aren't aware of the same or prepared to handle it.

    Cold boot attack

    This security flaw lets attackers with the physical access to a PC perform a cold boot attack, which is known since 2008. Cold boot attacks involve rebooting the computer following a proper shutdown process and recovering the data that is briefly accessible in the RAM once the power is lost. The modern-day laptops overwrite the RAM to prevent such attacks. However, the team has discovered a way to disable the overwrite process and carry out the cold boot attack.

    Though this process takes extra steps as compared to the cold boot attack, it is claimed to be effective to steal data from the modern laptops. This type of threat is relevant in scenarios where the laptops are stolen or obtained illicitly. Cold boot attacks can be performed by booting a special program off a USB stick.

     

    He further notes that this attack work against the laptops used by companies so there is no reliable way for the companies to know if their data is safe even if a computer is missing. As 99% of the company laptops will have access credentials to the corporate networks, the hackers get a reliable way to compromise the corporate targets. And, there is no easy fix for this issue leaving the companies to address it on their own.

    Companies should be prepared

    As an immediate fix is not likely, he recommends that companies prepare to face these attacks. One such way is to configure the laptops to shut down or hibernate automatically instead of using the sleep mode. Also, it is important to educate the employees who travel about the cold boot attacks. And, the IT department should have a response plan to deal with the issue of stolen laptops.

    Read More About: security hack pcs computers news
    Opinion Poll
    X

    Stay updated with latest technology news & gadget reviews - Gizbot

    We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Gizbot sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Gizbot website. However, you can change your cookie settings at any time. Learn more