F-Secure Discovered Major Vulnerability of Modern PCs and Macs
Security is an essential part to be considered especially in our world full of cyber attackers. Your data can be compromised, your identity can be stolen, that’s why a lot of companies are working to secure their units, but recently, a bad news was unveiled. The security researchers from F-Secure have discovered a new vulnerability of modern computers that allows attackers and hackers to steal your information, your encryption keys and other sensitive data.
Olle Segerdahl, a cybersecurity consultant at F-Secure said that the vulnerability from the modern PCs came from its firmware, that exposes encryption keys, and that’s the information that a hacker needs to attack and steal your data. The current security measures are not enough to protect the data of lost laptops.
According to him, attackers need a physical access to the computer to attack its vulnerable part. Once the access was obtained, 5 minutes is more than enough to successfully attack your device. He also said, “Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer. And when you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully aware of or prepared to deal with”.
According to Olle Segerdahl, the attack is related to the Cold Boot Attack which involves rebooting the computer, taking the proper shutdown process, and exploiting the data into your ram once the power has been successfully turned off. Even though the modern day laptops looks like safe from this attack as it has a feature to overwrite the ram, F-Secure has discovered a way to disable the overwrite process and take cold boot attack.
“It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops we’ve tested. And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it’s the kind of thing an attacker will have plenty of time to execute. Because this attack works against the kind of laptops used by companies, there’s no reliable way for organizations to know their data is safe if a computer goes missing. And since 99 percent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets”, Segerdahl said.
There are now working to start A counter fix to this vulnerability is in work, as they have shared their research findings on tech giants like Intel, Microsoft, and Apple. They are pushing the companies to take an immediate action to face these attacks as this seems to be a serious matter that may inflict a huge loss.
For latest tech news and updates follow TechnoCodex on Facebook, Twitter, Google+. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.