PUNE: Consultants from cyber security provider F-Secure have discovered a weakness in modern computers that attackers can use to steal encryption keys and other sensitive information. Attackers need physical access to the computer before they can exploit the weakness. But F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack against even the most hardened, secure computer in about 5 minutes.
“Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer. And when you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully aware of or prepared to deal with,” said Segerdahl. He said that they had notified Intel, Microsoft, and Apple about his team’s discovery and are working with these companies to provide better guidance to users and improve the security of current and future products.
The weakness allows attackers with physical access to a computer to perform a cold boot attack – an attack that’s been known to hackers since 2008. Cold boot attacks involve rebooting a computer without following a proper shutdown process, then recovering data that remains briefly accessible in the RAM after the power is lost. “It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops we’ve tested. And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly purchased by attackers, it’s the kind of thing an attacker will have plenty of time to execute,” said Segerdahl.
Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick. “Because this attack can work against basically any laptop used by companies there’s no reliable way for organizations to know their data is safe if a computer goes missing. And since 99 percent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets,” said Segerdahl.
In the meantime, he recommends companies prepare themselves for these attacks. One way is to configure laptops to automatically shut down/hibernate instead of enter sleep mode and require users to enter the Bitlocker PIN anytime Windows boots up or restores. Educating workers, especially executives and employees who travel, about cold boot attacks and similar threats is also