There's no immediate fix available for the new vulnerability, F-Secure said.
When computers are restarted, the motherboard firmware can wipe the RAM clean to remove any lingering data. They claim to have found a firmware vulnerability that can potentially let hackers with physical access to a computer turn off data overwriting.More news: Tropical cyclones Florence and Mangkhut pose threats - Philippines
The exploit, known as a cold-boot attack, which has been known to hackers since 2008, involves rebooting a computer without initiating a proper shutdown process, then scalping the residual data that briefly sits on the machine's RAM.
"The attack exploits the fact that the firmware settings governing the behaviour of the boot process are not protected against manipulation by a physical attacker", F-Secure wrote in a blog post. Freezing the RAM chips, though, helps preserve the data during this time, allowing booting into a live operating system from a USB stick. But F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes. F-Secure's Olle Segerdahl and Pasi Saarinen found a way to rewrite the non-volatile memory chip that contains the security settings, thus disabling memory overwriting.
Segerdahl and Saarinenare are due to present their research at the SEC-T conference in Sweden this week, and at Microsoft's BlueHat v18 in the United States on September 27. And although the researchers have shared their findings with Microsoft, Intel and Apple, mitigations are still a work in progress.More news: Threat becomes reality: Florence begins days of rain, wind
Interestingly, the vulnerability can not be fixed easily, and according to F-Secure, companies should be ready to deal with such attacks.
Their attack works on computers in sleep mode, since shut down and hibernation actions cut off the power, and cause the residual memory to quickly degrade beyond recovery.
The top recommendation from the experts is to configure laptops to shut down or hibernate instead of entering sleep mode. Educating workers, especially executives and employees who travel, about cold boot attacks and similar threats is also important.
Microsoft said it's updated its software to stop the attack.More news: Florence 'unloading epic amounts of rainfall' in North Carolina
- Dutch 'expelled two Russian spies over Novichok lab plot'
- Kavanaugh denies high school assault allegation
- 'Our fordable smartphone will replace traditional laptop,' boasts Huawei CEO
- Government to cut down non-essential imports: Arun Jaitley
- Browns' Gordon (hamstring) out vs. Saints
- Recalled Sane sets City on way to win over Fulham
- BMW shows off self-driving motorcycle
- Two Koreas open joint liaison office in North - pool report
- Hurricane Florence Dumps 'Epic Amounts of Rainfall' On US States
- Israel launched missile attack on Damascus airport: Syria