A research report published by F-Secure has unearthed a new flaw that makes most of the devices including those that are equipped with disk encryption vulnerable to an attack that could steal personal data within minutes.
As reported by ZDNet, F-Secure’s findings say that contemporary security measures are enough to prevent the theft caused by the new flaw.
The attack is a variation of the old cold boot attack which is a popular technique in the hacking world. This type of attack resets a computer forcefully and then steals the leftover data in the RAM.
To steal the data through a cold boot attack, one would need physical access to the computer and specialized hardware. Normal computers are not considered as a target to such an attack as compared to the computers that store valuable information like the ones owned by government agencies and businesses.
One of the protection measures deployed by the hardware manufacturer is overwriting the contents of the RAM after the cold boot attacked computer is switched on.
F-Secure’s researchers have found that they can stop the overwriting procedure thus making the computer vulnerable.
According to the F-Secure Principal Security Consultant Olle Segerdahl, who is involved in the research, “It’s not exactly easy to do, but it’s not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out.”
The researchers said that they have warned major companies such as Microsoft, Apple, and Intel about their latest findings. Microsoft has updated its Bitlocker Guidance as an added security measure while Apple has said that all the devices that are working on the T2 chip that is not vulnerable to the attacks.