Saturday, 17 November 2018
Latest news
Main » Cold boot attack leaves Apple and Microsoft systems vulnerable to data theft

Cold boot attack leaves Apple and Microsoft systems vulnerable to data theft

16 September 2018

There's no immediate fix available for the new vulnerability, F-Secure said.

When computers are restarted, the motherboard firmware can wipe the RAM clean to remove any lingering data. They claim to have found a firmware vulnerability that can potentially let hackers with physical access to a computer turn off data overwriting.

Security researchers discovered a flaw with almost all modern computers that allow potential hackers to steal sensitive information from your locked devices.

"It takes some extra steps compared to the classic cold boot attack", Segerdahl told TechCrunch's Zack Whittaker, "but it's effective against all the modern laptops we've tested".

More news: Experts disagree on whether Dallas officer could be credible

The exploit, known as a cold-boot attack, which has been known to hackers since 2008, involves rebooting a computer without initiating a proper shutdown process, then scalping the residual data that briefly sits on the machine's RAM.

"The attack exploits the fact that the firmware settings governing the behaviour of the boot process are not protected against manipulation by a physical attacker", F-Secure wrote in a blog post. Freezing the RAM chips, though, helps preserve the data during this time, allowing booting into a live operating system from a USB stick. But F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes. F-Secure's Olle Segerdahl and Pasi Saarinen found a way to rewrite the non-volatile memory chip that contains the security settings, thus disabling memory overwriting.

According to the researchers, "nearly all" modern computers are vulnerable to the attack, including laptops from major manufacturers such as Dell, Lenovo, and even Apple.

Segerdahl and Saarinenare are due to present their research at the SEC-T conference in Sweden this week, and at Microsoft's BlueHat v18 in the United States on September 27. And although the researchers have shared their findings with Microsoft, Intel and Apple, mitigations are still a work in progress.

More news: Razer Phone 2 Image Digest

Interestingly, the vulnerability can not be fixed easily, and according to F-Secure, companies should be ready to deal with such attacks.

Their attack works on computers in sleep mode, since shut down and hibernation actions cut off the power, and cause the residual memory to quickly degrade beyond recovery.

The top recommendation from the experts is to configure laptops to shut down or hibernate instead of entering sleep mode. Educating workers, especially executives and employees who travel, about cold boot attacks and similar threats is also important.

Microsoft said it's updated its software to stop the attack.

More news: Jamie Murray: Serena Williams' sexism claims are 'a bit far-fetched'

Apple responded by pointing to the latest generation of Macs, which have the T2 chip that do the encryption separately from the CPU and makes such an attack more hard to execute.