Security Flaw in ‘Nearly All’ Modern PCs and Macs Exposes Encrypted Data

by Zach Whittaker, TechCrunch.com

Most modern computers, including those with disk encryption, are vulnerable to a new attack that can steal sensitive data in minutes, according to researchers at Finnish cybersecurity firm F-Secure.

None of the existing firmware security measures in the laptops tested adequately protected against the vulnerability, which is based on a traditional cold boot attack, the researchers say.

F-Secure’s Olle Segerdahl said the flaw threatens “nearly all” laptops and desktops, including Windows and Mac computers. Modern computers overwrite their memory when a device is turned off to prevent data from being read, but the researchers discovered a way to disable the overwriting process, making a cold boot attack possible.

The new exploit is built on the foundations of a traditional cold boot attack, a technique that is well known in the hacking community. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

It’s no secret that if you have physical access to a computer, the chances of someone stealing your data is usually greater. That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off. But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.

Because the attack requires physical access to a device, Microsoft is urging users to “practice good security habits, including preventing unauthorized physical access to their device.”  Read more.