A team of security researchers said that most modern computer hardware, including machines protected by hardware encryption or disk encryption, is vulnerable to a new attack that allows attackers to steal encryption keys and other sensitive data, such as passwords and sensitive files belonging to major companies and others, in minutes.
The new attack, presented today at the SEC-T security conference in Sweden, is a new form of the cold boot attack, a technique known for nearly a decade. It interferes with a computer's firmware to disable security measures and lets an attacker recover sensitive data stored on that computer. The attack works against almost all modern computers, including desktops and laptops from some of the world's largest suppliers such as Dell, Lenovo and even Apple.
The researchers, from Finnish security firm F-Secure, tested a number of laptops and found that the firmware protections in every laptop tested have a number of weaknesses that allow data theft. Attackers who can physically access a target computer can exploit these weaknesses to perform a successful cold boot attack, allowing them to steal encryption keys and other sensitive information.
“These vulnerabilities expose almost all desktop and laptop computers – both Windows and MacOS – to risk,” said Olle Segerdahl, senior security advisor at F-Secure.
Cold boot attacks occur when an attacker forces a computer to reset or restart and then steals any data remaining in the device's RAM. These attacks require physical access to the device and special hardware tools, and they are generally not aimed at ordinary users but at computers that store highly sensitive information, or at individuals in sensitive positions such as government officials or business people.
Over the years, operating system vendors and computer makers have implemented many security measures to reduce the impact of cold boot attacks. One of these is that computers overwrite the contents of RAM when the device is restarted. F-Secure discovered that they can disable this feature by modifying the firmware settings and then steal data from the computer's RAM after rebooting. “Some additional steps are required, but the gap is easy to exploit,” Segerdahl said.
“This is not exactly what attackers who are looking for easy targets will use, but it’s a kind of way for pirates who are looking for a bigger hunt like a bank or a big institution.”
It is worth noting that if someone has physical access to your computer, the chances of them stealing your data are usually higher. That is why many people use disk encryption, such as the BitLocker feature built into Windows and FileVault on Apple's Mac, to encrypt and protect data when the device is turned off.
But the researchers found that in almost all cases they could still steal data protected by BitLocker and FileVault, even with these protections present on the device.
The researchers say that this method will work against almost all modern computers, so they have already informed major companies such as Microsoft, Intel and Apple of their findings before publication.
Microsoft responded by updating the BitLocker guidance for its operating system, while Apple said that devices using the T2 chip are not at risk.
Both Microsoft and Apple have played down the potential risk of these attacks. Because the attacker needs physical access to a device, Microsoft has encouraged its customers to “practice good security habits, including preventing unauthorized physical access to their devices.” Apple said it is looking at measures to protect Mac devices that do not have the T2 chip.
For companies, the researchers recommend that system administrators and IT departments configure company computers to shut down or hibernate (rather than enter sleep mode) and require users to enter their BitLocker PIN when they start their devices.
“Cold boot attacks will continue to work, but by encrypting the hard drive through BitLocker or another similar system, this limits the amount of data an attacker can obtain, and the encryption keys are not stored in random access memory (RAM) when the device is turned off or is in hibernate mode, so there is no valuable information that hackers can steal.”
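
The following PowerShell audit is an added example, not code from F-Secure or Microsoft. It checks one Windows machine against the recommendation above: a BitLocker pre-boot PIN on the system drive, hibernation available, and sleep blocked by policy. The function names `Test-PreBootPin` and `Get-StandbyPolicy` are hypothetical, and the script assumes an elevated session with the BitLocker module installed.

```powershell
# Added audit example: not F-Secure's or Microsoft's code. Run elevated on Windows.

function Test-PreBootPin {
    # True when at least one key protector requires a PIN before the
    # volume key is released, so the key is not in RAM until the user enters it.
    param([object[]]$KeyProtector)
    $pinTypes = 'TpmPin', 'TpmPinStartupKey'
    [bool]($KeyProtector | Where-Object { "$($_.KeyProtectorType)" -in $pinTypes })
}

function Get-StandbyPolicy {
    # Reads the Group Policy "Allow standby states (S1-S3) when sleeping".
    # 0 = sleep blocked by policy, 1 = allowed, $null = policy not configured.
    param([ValidateSet('ACSettingIndex', 'DCSettingIndex')][string]$Name)
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\' +
           'abfc2519-3608-4c2a-94ea-171b0ed546ab'
    (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
}

$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
    -Name HibernateEnabled -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    BitLockerOn        = ($vol.ProtectionStatus -eq 'On')
    PreBootPin         = Test-PreBootPin -KeyProtector $vol.KeyProtector
    HibernateEnabled   = ($power.HibernateEnabled -eq 1)
    SleepBlockedOnAC   = ((Get-StandbyPolicy -Name ACSettingIndex) -eq 0)
    SleepBlockedOnBatt = ((Get-StandbyPolicy -Name DCSettingIndex) -eq 0)
}

# Any False value is a gap against the shut-down-or-hibernate plus PIN guidance.
$report | Format-List
$gaps = $report.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    ForEach-Object { $_.Name }
if ($gaps) {
    Write-Warning ("Not compliant: " + ($gaps -join ', '))
} else {
    Write-Output 'Machine matches the recommended configuration.'
}
```

A machine that reports `PreBootPin = False` releases the BitLocker key from the TPM without user input at boot, which is the condition the cold boot attack depends on.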