Date:17/09/18
Security researchers have discovered a flaw with nearly all modern computers that allow potential hackers to steal sensitive information from your locked devices.
The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data on a computer's RAM, where sensitive information is briefly stored after a forced reboot.
These attacks have been known since 2008, and most computers today have a safety measure where it removes the data stored on RAM to prevent hackers from stealing sensitive information. It's also not a common threat for the average person, since both access to the computer and special tools -- like a program on a USB stick -- are needed to carry out the attack.
But Segerdahl and researchers from F-Secure said they've found a way to disable that safety measure and extract data using cold boot attacks.
"It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," he said in a statement.
There's no immediate fix available for the new vulnerability, F-Secure said. The cybersecurity company recommends that you configure your laptops to automatically shut down or hibernate instead of having it enter sleep mode when you close your screen.
The company said it's contacted Microsoft, Intel and Apple about its discovery. Intel didn't respond to a request for comment.
"This technique requires physical access. To protect sensitive info, at a minimum, we recommend using a device with a discreet Trusted Platform Module (TPM), disabling sleep/hibernation and configuring BitLocker with a Personal Identification Number (PIN)," Jeff Jones, a senior director at Microsoft, said in a statement.
Microsoft told ZDNet that it's updating its BitLocker guidance, while Apple said all devices using a T2 chip aren't affected.
F-Secure's researchers presented their findings at a conference in Sweden on Thursday, and are set to present it again at Microsoft's security conference on Sept. 27.
Almost ‘all modern computers’ affected by cold boot attack, researchers warn
Security researchers have discovered a flaw with nearly all modern computers that allow potential hackers to steal sensitive information from your locked devices.The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data on a computer's RAM, where sensitive information is briefly stored after a forced reboot.
These attacks have been known since 2008, and most computers today have a safety measure where it removes the data stored on RAM to prevent hackers from stealing sensitive information. It's also not a common threat for the average person, since both access to the computer and special tools -- like a program on a USB stick -- are needed to carry out the attack.
But Segerdahl and researchers from F-Secure said they've found a way to disable that safety measure and extract data using cold boot attacks.
"It takes some extra steps compared to the classic cold boot attack, but it's effective against all the modern laptops we've tested," he said in a statement.
There's no immediate fix available for the new vulnerability, F-Secure said. The cybersecurity company recommends that you configure your laptops to automatically shut down or hibernate instead of having it enter sleep mode when you close your screen.
The company said it's contacted Microsoft, Intel and Apple about its discovery. Intel didn't respond to a request for comment.
"This technique requires physical access. To protect sensitive info, at a minimum, we recommend using a device with a discreet Trusted Platform Module (TPM), disabling sleep/hibernation and configuring BitLocker with a Personal Identification Number (PIN)," Jeff Jones, a senior director at Microsoft, said in a statement.
Microsoft told ZDNet that it's updating its BitLocker guidance, while Apple said all devices using a T2 chip aren't affected.
F-Secure's researchers presented their findings at a conference in Sweden on Thursday, and are set to present it again at Microsoft's security conference on Sept. 27.
Views: 340
©ictnews.az. All rights reserved.
Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate
