New security flaw discovered; targets modern PCs and Macs

Data on your computer or laptop could be at risk.


F-Secure, a security firm has discovered a new firmware security flaw that affects the modern PCs and Macs. This security flaw is said to subject the data in modern computers at risk. Consultants from F-Secure have discovered a weakness in the modern computers that allow hackers steal encryption keys and other sensitive data. And, they warn the PC vendors as well as users that the current security measures cannot protect the data in the lost or stolen laptops.

New security flaw discovered; targets modern PCs and Macs

F-Secure Principal Security Consultant Olle Segerdahl says that attackers need physical access to the computer to exploit the weakness. But once the access is obtained, the adversary can attack the device successfully in less than 5 minutes.

He further adds that organizations are not prepared to protect themselves from the attacker with access to a company computer. And when a security issue is found in devices from major PC makers like the weakness recently found, you need to assume that a lot of companies have a weak link in their security. But they aren't aware of the same or prepared to handle it.

Cold boot attack

This security flaw lets attackers with the physical access to a PC perform a cold boot attack, which is known since 2008. Cold boot attacks involve rebooting the computer following a proper shutdown process and recovering the data that is briefly accessible in the RAM once the power is lost. The modern-day laptops overwrite the RAM to prevent such attacks. However, the team has discovered a way to disable the overwrite process and carry out the cold boot attack.

Though this process takes extra steps as compared to the cold boot attack, it is claimed to be effective to steal data from the modern laptops. This type of threat is relevant in scenarios where the laptops are stolen or obtained illicitly. Cold boot attacks can be performed by booting a special program off a USB stick.


He further notes that this attack work against the laptops used by companies so there is no reliable way for the companies to know if their data is safe even if a computer is missing. As 99% of the company laptops will have access credentials to the corporate networks, the hackers get a reliable way to compromise the corporate targets. And, there is no easy fix for this issue leaving the companies to address it on their own.

Companies should be prepared

As an immediate fix is not likely, he recommends that companies prepare to face these attacks. One such way is to configure the laptops to shut down or hibernate automatically instead of using the sleep mode. Also, it is important to educate the employees who travel about the cold boot attacks. And, the IT department should have a response plan to deal with the issue of stolen laptops.

Best Mobiles in India

Read More About: security hack pcs computers news

Best Phones

Get Instant News Updates
Notification Settings X
Time Settings
Clear Notification X
Do you want to clear all the notifications from your inbox?
Yes No
Settings X