What is the Issue?
Researchers have discovered a new exploit, built on the foundations of the cold boot attack, that leaves nearly all laptops and desktops vulnerable, affecting both Windows and Mac users. An attacker can tamper with a computer’s firmware to disable security measures and then recover sensitive data stored on that computer, such as passwords, corporate files, encryption keys, and more. Most computers have safety measures in place to prevent these attacks, but researchers have discovered a way to disable these measures and extract data.
Why is this noteworthy?
The vulnerability can be found in nearly all modern computers. The attack takes only about 5 minutes to complete, and these attacks have been around since 2008. Experienced hackers can use this attack to extract data from devices that are locked or shut down.
What is the exposure or risk?
Exploitation of this vulnerability can lead to the theft of credentials and sensitive information. To exploit this vulnerability, the attacker needs to have physical access to the device. There is no immediate fix available for this vulnerability, but it has been identified that Apple devices with the T2 chip aren’t affected.
What are the recommendations?
SKOUT recommends ensuring and enhancing physical security measures for corporate computers. To enhance security, it is recommended to disable sleep/hibernation mode on devices, use a device with a Trusted Platform Module (TPM), configure BitLocker with a Personal Identification Number (PIN), and identify Apple devices without T2 chips.
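The Windows-side recommendations above can be checked per endpoint with a read-only audit. The script below is an added example, not part of the SKOUT advisory; it assumes an elevated PowerShell session on a Windows machine with the built-in TrustedPlatformModule and BitLocker modules, and it does not cover Apple devices.

```powershell
#Requires -RunAsAdministrator
# Added example: audit one Windows endpoint against the advisory's
# recommendations (TPM present, BitLocker with a pre-boot PIN,
# hibernation disabled). Read-only: it changes no settings.

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Trusted Platform Module present and ready for use.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent)   { $findings.Add('No TPM detected') }
elseif (-not $tpm.TpmReady) { $findings.Add('TPM present but not ready') }

# 2. BitLocker protecting the OS volume, with a TPM+PIN key protector.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($vol.ProtectionStatus -ne 'On') {
    $findings.Add("BitLocker protection is off on $($vol.MountPoint)")
}
$pinTypes = 'TpmPin', 'TpmPinStartupKey'
$hasPin = $vol.KeyProtector |
    Where-Object { [string]$_.KeyProtectorType -in $pinTypes }
if (-not $hasPin) {
    $types = ($vol.KeyProtector.KeyProtectorType | Sort-Object -Unique) -join ', '
    $findings.Add("No TPM+PIN protector on OS volume (found: $types)")
}

# 3. Hibernation setting, plus the sleep states the platform exposes.
$power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
if ($power.HibernateEnabled -eq 1) { $findings.Add('Hibernation is enabled') }
$sleepStates = powercfg /a   # localized text, kept raw for the reviewer

# One object per machine, suitable for Export-Csv or remote collection.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    Compliant   = ($findings.Count -eq 0)
    Findings    = $findings -join '; '
    SleepStates = $sleepStates -join "`n"
}
```

A TPM-only protector is reported as a finding because it unlocks the volume at boot without user input, which is the case the PIN recommendation addresses.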
If you have any questions, please contact our Security Operations Center.