Security Flaw Discovered in Nearly All Macs and PCs

Security Flaw Discovered in Nearly All Macs and PCs

A new vulnerability brings back the risk of a cold boot attack.

  • By Sydny Shepard
  • Sep 17, 2018

In new findings published last week, F-Secure said that no modern device, Macs and PCs alike, do not have existing firmware security measures that "do a good enough job" preventing a new attack that can steal sensitive data in a matter of minutes.

F-Secure principal security consultant Olle Segerdahl explained that the vulnerabilities put "nearly all" laptops and desktops at risk.

The new exploit is built on the foundations of a traditional cold boot attack, a technique that is well known in the hacking community. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. F-Secure believes they have found a way to disable the overwriting process, making a cold boot attack possible again.

"It takes some extra steps," Segerdahl said. "But the flaw is easy to exploit."

So much so, that it would "very much surprise" him if this technique isn't already known by some hacker groups.

It is no secret that if you have physical access to a computer, the changes of someone stealing your data is usually greater. That's why so many use disk encryption, like BitLocker for Windows and FileVault for Macs, to scramble and protect data when a device is turned off. The researchers, however, found that in nearly all cases, they can still steal data protected by those programs.

After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build  a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.

It's not just disk encryption keys at risk, Segerdahl said. A successful attacker can steal "anything that happens to be in the memory," like passwords and corporate network credentials, which can lead to deeper compromise.

Their findings were shared with Microsoft, Apple, and Intel prior to release. According to the researchers, only a smattering of devices aren’t affected by the attack. Microsoft said in a recently updated article on BitLocker countermeasures that using a startup PIN can mitigate cold boot attacks, but Windows users with “Home” licenses are out of luck. And, any Apple Mac equipped with a T2 chip are not affected, but a firmware password would still improve protection.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

Most   Popular

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities