Security researchers of F-Secure have discovered a flaw with nearly all modern computers that allow potential hackers to steal sensitive information from your locked devices.
As reported by TechCrunch, the firmware exploit has to do with how almost all Mac and Windows machines overwrite data when they are turned off. This exploit is based on a cold boot attack, where hackers are working to steal data from a computer that’s powered off.
The attack only takes about five minutes to pull off, if the hacker has physical access to the computer, F-Secure principal security consultant Olle Segerdahl said in a statement Thursday. Cold boot attacks can steal data on a computer’s RAM, where sensitive information is briefly stored after a forced reboot.“The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker,” F-Secure wrote in a blog post. “Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.”
The researchers previously shared their discovery with Apple, Microsoft and Intel. Macs with the new T2 chip are immune from the flaw, which include the iMac Pro and the 2018 MacBook Pros.
“This technique requires physical access. To protect sensitive info, at a minimum, we recommend using a device with a discreet Trusted Platform Module (TPM), disabling sleep/hibernation and configuring BitLocker with a Personal Identification Number (PIN),” Jeff Jones, a senior director at Microsoft, said in a statement.
Microsoft told ZDNet that it’s updating its BitLocker guidance, while Apple said all devices using a T2 chip aren’t affected.