A New Attack Unveiled to Steal Passwords and Sensitive Info Stored on Most Modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. A New Attack Unveiled to Steal Passwords and Sensitive Info Stored on Most Modern PCs.

The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers steal information that briefly remains in the memory (RAM) after the computer is shut down. “Cold boot attacks are a known method of obtaining encryption keys from devices. But the reality is that attackers can get their hands on all kinds of information using these attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk,” the security firm warns in a blog post published today.

A New Attack Unveiled to Steal Passwords and Sensitive Info Stored on Most Modern PCs

However, to make the cold boot attacks less effective, most modern computers come bundled with a safeguard, created by the Trusted Computing Group (TCG), that overwrites the contents of the RAM when the power on the device is restored, preventing the data from being read.

Now, researchers from Finnish cyber-security firm F-Secure figured out a new way to disable this overwrite security measure by physically manipulating the computer’s firmware, potentially allowing attackers to recover sensitive data stored on the computer after a cold reboot in a matter of few minutes.

Microsoft updated its guidance on Bitlocker countermeasures in response to the F-Secure’s findings.But for Mac computers without the latest T2 chip, Apple recommended users to set a firmware password in order to help harden the security of their computers.

Intel has yet to comment on the matter.

According to the researchers there’s no reliable way to “prevent or block the cold boot attack once an attacker with the right know-how gets their hands on a laptop,” but suggest the companies can configure their devices so that attackers using cold boot attacks won’t find anything fruitful to steal.

Meanwhile, they recommend the IT departments to configure all company computers to either shut down or hibernate (not enter sleep mode) and require users to enter their BitLocker PIN whenever they power up or restore their PCs.

Attackers could still perform a successful cold boot attack against computers configured like this, but since the encryption keys are not stored in the memory when a machine hibernates or shuts down, there will be no valuable information for an attacker to steal.

Central Asia

Categories

Newsletter sign up

About Us

Newsletter sign up

Contact