Firmware Flaw Affecting All Modern Laptops Allows Encryption Key Theft

The Meltdown and Spectre vulnerabilities rocked the entire PC industry, and despite several patches to mitigate the risks, new variants of the flaws continue to surface. And it seems there is no respite for security professionals.

Finnish cybersecurity company, F-Secure, has discovered a new firmware flaw which affects all modern laptops and can be exploited to steal encryption keys and sensitive data.

The vulnerability allows a malicious party to perform a cold boot attack on a device which they can physically access, and all it takes is just five minutes to get past the security layers of a Windows or macOS-powered laptop and steal sensitive information.

"It takes some extra steps compared to the classic cold kick assault, merely information technology's effective against all the modern laptops we've tested", said F-Secure Principal Security Consultant, Olle Segerdahl. Modernistic laptops come with a safety machinery to thwart cold boot attacks, just F-Secure's squad discovered a flaw in that mechanism which allows hackers to disable the security firewall and successfully execute a cold boot attack.

"Because this attack works against the kind of laptops used past companies there's no reliable way for organizations to know their data is safety if a figurer goes missing. And since 99 percent of visitor laptops volition contain things similar access credentials for corporate networks, information technology gives attackers a consistent, reliable fashion to compromise corporate targets", Segerdahl explained.

Only the most worrisome aspect of the new discovery is that the vulnerability cannot be fixed easily, and as per F-Secure, companies should brace themselves for such attacks. The only way theft of sensitive data tin be prevented is past configuring all laptops to automatically shut downwards or get into hibernation mode whenever a device boots or restores.

Moreover, log-in credentials for accessing a network should immediately be changed as soon equally a device is reported missing, considering once a malicious political party has got physical access to a computer, they accept ample amount of time to exploit the firmware flaw and perform a cold kick attack to steal information. F-Secure has already shared details of the new vulnerability with Intel, Microsoft, and Apple to warning them about the threat.

Source: https://beebom.com/firmware-flaw-affecting-all-modern-laptops-allows-encryption-key-theft/

Posted by: garaybrohn1967.blogspot.com

Share this post