If you thought disk encryption was completely impervious to attacks from outside, you may need to reconsider. According to a new report by the security firm F-Secure, findings of which were published by TechCrunch, nearly all encryption methods are vulnerable to attacks during startup.
During its testing, the company found a new exploit that uses the good old cold boot attack. When your PC or laptop is turned off, it overwrites the memory so it can’t be read. However, the researchers discovered a way to stop the overwriting process, making the device vulnerable to cold boot attacks. An attacker can then easily bypass popular encryption programs such as BitLocker and FileVault by following a few simple steps.
The hacker only needs to figure out how the overwriting process works, after which the hacker can get access to the disk encryption keys. Not just that, they can get access to other areas of the memory and obtain confidential information. The process takes a few hours at most.
It is also widespread, so much so that pretty much every Mac and Windows PC is said to be affected by it. However, it won’t affect newer Mac users.
Notable parties, such as Intel, Microsoft and Apple, were involved before the findings were published. Both Apple and Microsoft downplayed the situation. Microsoft reckons you can use a startup PIN to ameliorate the situation, while Apple observes that its T2 chip, which comes with the iMac Pro and 2018 MacBook Pro models, protects users from these attacks.
F-Secure’s principal security consultant, Olle Segerdahl, said,
“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware. Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”
He said that for the most part, users and companies are “on their own”.
F-Secure says that the attacks are so straightforward that it is likely some hackers are still using them to target users. Right now, the one thing you can do is stop strangers from handling your laptop to avoid compromising your security.