A NEWLY-DISCOVERED security flaw puts “almost all modern laptops” at risk of data theft, F-Secure has warned.
The attack, which F-Secure claims takes just five minutes to carry out if a hacker has physical access to a targeted PC, is based on a traditional ‘cold boot’ attack. These have been around since 2008, and occur when an attacker forces a computer reboot and then steals any data that remains in the RAM.
Most computers now include a safety measure that sees it removes the data stored on RAM to prevent hackers from stealing sensitive information.
But F-Secure principal security consultant Olle Segerdahl, along with other researchers from the security outfit, claim they’ve discovered a way to disable that safety measure and extract data using the ten-year-old cold boot attack method.
“It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops we’ve tested,” Segerdahl said in a statement.
“It’s not exactly easy to do, but it’s not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out.
“It’s the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use,” he added.
F-Secure says that laptops from Apple, Dell and Lenovo are vulnerable to the modified attack, and said it’s notified Microsoft, Intel and Apple about the problem so they can get to work on a fix.
However, the security firm warns that there isn’t an easy fix available for laptops that are already being used, so it’s likely something companies and end users will have to deal with on their own.
“Because this attack works against the kind of laptops used by companies there’s no reliable way for organizations to know their data is safe if a computer goes missing,” added Segerdahl.
“And since 99 per cent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets.”
While Apple and Intel are yet to comment, Microsoft remarked: “This technique requires physical access. To protect sensitive info, at a minimum, we recommend using a device with a discreet Trusted Platform Module (TPM), disabling sleep/hibernation and configuring BitLocker with a Personal Identification Number (PIN).” µ
Source : Inquirer