TRENDING ON ONEINDIA
- ISIS Co-Conspirator From Tamil Nadu Arrested
- Huawei Mate 20 Pro With Triple Cameras Vs Other High-End Triple And Dual Camera Smartphones
- Mount Harriet National Park Showcases The Richly Diverse Wildlife Of The North Andaman
- Remove Dark Circles With Mint Leaves
- Nana Patekar Will Soon Be In Jail For Harassing Tanushree Dutta, Says Lawyer Nitin Satpute
- New Hyundai Santro First Look Review — The Return Of The Legend
- ISL: FCG Vs MCFC: Preview, Timing, Live Streaming: Goa Keen To Set Record Straight Against Mumbai
- Cases When Insurance Nominee May Not Get Proceeds: All You Should Know
F-Secure, a security firm has discovered a new firmware security flaw that affects the modern PCs and Macs. This security flaw is said to subject the data in modern computers at risk. Consultants from F-Secure have discovered a weakness in the modern computers that allow hackers steal encryption keys and other sensitive data. And, they warn the PC vendors as well as users that the current security measures cannot protect the data in the lost or stolen laptops.
F-Secure Principal Security Consultant Olle Segerdahl says that attackers need physical access to the computer to exploit the weakness. But once the access is obtained, the adversary can attack the device successfully in less than 5 minutes.
He further adds that organizations are not prepared to protect themselves from the attacker with access to a company computer. And when a security issue is found in devices from major PC makers like the weakness recently found, you need to assume that a lot of companies have a weak link in their security. But they aren't aware of the same or prepared to handle it.
Cold boot attack
This security flaw lets attackers with the physical access to a PC perform a cold boot attack, which is known since 2008. Cold boot attacks involve rebooting the computer following a proper shutdown process and recovering the data that is briefly accessible in the RAM once the power is lost. The modern-day laptops overwrite the RAM to prevent such attacks. However, the team has discovered a way to disable the overwrite process and carry out the cold boot attack.
Though this process takes extra steps as compared to the cold boot attack, it is claimed to be effective to steal data from the modern laptops. This type of threat is relevant in scenarios where the laptops are stolen or obtained illicitly. Cold boot attacks can be performed by booting a special program off a USB stick.
He further notes that this attack work against the laptops used by companies so there is no reliable way for the companies to know if their data is safe even if a computer is missing. As 99% of the company laptops will have access credentials to the corporate networks, the hackers get a reliable way to compromise the corporate targets. And, there is no easy fix for this issue leaving the companies to address it on their own.
Companies should be prepared
As an immediate fix is not likely, he recommends that companies prepare to face these attacks. One such way is to configure the laptops to shut down or hibernate automatically instead of using the sleep mode. Also, it is important to educate the employees who travel about the cold boot attacks. And, the IT department should have a response plan to deal with the issue of stolen laptops.