F-Secure, the security firm, announced Thursday (Sept. 13) that consultants for the company have found a weakness in all modern computers that hackers could use to steal encryption keys and other data.
According to a press release from the company, hackers must first have physical access to the computer to pull off the breach. Once they get that, a bad actor could successfully perform the attack in about five minutes, said F-Secure Principal Security Consultant Olle Segerdahl.
“Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer,” said Segerdahl in the press release. “And when you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully aware of or prepared to deal with.”
F-Secure said the weakness enables hackers with physical access to the computer to perform a cold boot attack, which involves rebooting a computer without the proper shutdown process and then recovering data that is accessible briefly in the RAM when the power is lost. Modern laptops overwrite RAM to prevent cold boot attacks, but Segerdahl and his team of researchers found a way to disable the overwrite and re-enable the old cold boot attack.
“It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops we’ve tested. And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it’s the kind of thing an attacker will have plenty of time to execute,” said Segerdahl. “Because this attack works against the kind of laptops used by companies, there’s no reliable way for organizations to know their data is safe if a computer goes missing. And since 99 percent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets.”
According to F-Secure, the research has been shared with Intel, Microsoft and Apple to help the PC industry improve the security of current and future products. With low expectations that a fix is coming anytime soon, F-Secure said companies should prepare for these types of attacks. One way to do that is to configure laptops to automatically shut down instead of going into sleep mode. What’s more, it said educating workers about cold boot attacks is also important.