New findings published on Wednesday by F-Secure state that none of the existing firmware security measures “does a good enough job” of preventing data theft from a laptop.
F-Secure’s chief security consultant Olle Segerdahl stated that the vulnerabilities put “nearly all” desktops and laptops, both Mac and Windows, at risk.
The new attack builds on the traditional cold boot attack, a practice that is well known in the hacking community. Modern computers overwrite their memory when a device is powered down, scrambling the data so that it cannot be read. But Mr. Segerdahl and fellow researcher Pasi Saarinen figured out a way to make a cold boot attack possible again by simply disabling the overwriting process.
Segerdahl said, “It takes some extra steps, but the flaw is easy to exploit.” He added that he would be surprised if hacker groups were unaware of this technique.
“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” he said.
When someone has physical access to a computer, the chances of your data being stolen are greater. That is why people use disk encryption, such as FileVault for Macs and BitLocker for Windows, to scramble and protect data when a device is logged off.
But the researchers found otherwise: in nearly all cases, data protected by FileVault or BitLocker is still vulnerable.
After figuring out how the memory overwriting process works, the researchers said it took only a couple of hours to build an initial proof of concept that prevented the firmware from clearing secrets from memory. From there, the researchers searched for the disk encryption key, which, once obtained, can be used to mount the protected volume.
Segerdahl said, “Not only are the disk encryption keys at risk. A potential attacker can embezzle anything that is stored in the memory, for instance, corporate network credentials and passwords that can result in a deeper compromise.”
The results were shared with Intel, Apple, and Microsoft before being made public. The researchers asserted that only a small number of devices are unaffected by the attack. Microsoft, in its recently updated article on BitLocker, maintains that using a startup PIN can mitigate cold boot attacks, but Windows users with “Home” licenses are out of luck. Furthermore, any Apple Mac equipped with a T2 chip will be unaffected, though a firmware password will still aid in protection.
Both Apple and Microsoft downplayed the risk.
In any case, there is little prospect of computer makers fixing their fleets of existing affected devices, the researchers said.
Segerdahl said, “Unfortunately, there is nothing Microsoft can do since we are using flaws in PC hardware vendors’ firmware. Intel can only do so much; their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”
“Companies and users are on their own. Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” added Segerdahl.