Security flaw on modern PCs could leave your encrypted data exposed

MacBook Pro 15
Malarie Gokey/Digital Trends

A vulnerability on most modern PCs and Macs could leave your data exposed. Cybersecurity researchers at F-Secure discovered a weakness in the firmware of most modern computers could allow hackers access to encryption keys and other sensitive data.

Access to sensitive data is gained through a 2008-style cold boot attack, where the hacker forces a computer to restart without going through the normal shutdown process. The computer’s data is briefly accessible in the RAM after power is lost, but many modern devices overwrite the RAM to prevent unauthorized access to data during this type of attack. Researchers discovered that there is a way to disable the overwrite process, essentially reviving the decade-old method of attack.

“The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker,” F-Secure wrote in a blog post. “Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.”

Despite the seriousness of the findings, the vulnerability may not be as damaging given that to carry out this exploit, hackers would need physical access to your device. If a hacker has physical access, the exploit can be conducted in approximately five minutes, researchers cautioned.

F-Secure shared its findings with Microsoft, Apple, and Intel, but given that physical device access is required for this type of attack, it doesn’t appear that a fix may be coming soon. Newer Mac systems with a T2 chip aren’t affected by this attack, and Microsoft claims that enabling pre-boot authentication with a PIN or startup key with BitLocker could help mitigate these risks. These more advanced security tactics, however, aren’t available to general consumers who run Windows 10 Home edition.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” F-Secure principal security consultant Olle Segerdahl told TechCrunch. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Product Review

Why get anything bigger? The new Mac Mini is all the desktop you need

Apple’s new Mac Mini doesn’t look much different from its predecessor, and it’s more expensive. Yet the changes under the hood make a case for its consideration as your new Mac. Can this entry-level machine hold its own?
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they've accumulated files and misconfigured settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

Hacker infects 100K routers in latest botnet attack aimed at sending email spam

An attacker is trying to infect your router with malware in order to send spam emails. If your router uses a Broadcom UPnP SDK, it could become vulnerable to this attack. So far, 100,000 routers worldwide have been infected.
Mobile

How to remove Android malware from your phone or tablet

Did you download an infected app? You need to remove Android malware as soon as possible. Here's the process to uninstall, along with some recommendations on how to safeguard your phone.
Computing

Cloudflare’s privacy-enhancing 1.1.1.1 DNS service comes to iOS and Android

Cloudflare's 1.1.1.1 DNS resolver service has been ported to mobile devices, and now anyone with an Android or iOS device can download it for free to take advantage of its speed and privacy-boosting features.
Gaming

The plug-and-play PC Classic joins the retro console bandwagon

Gaming company Unit-e is creating the PC Classic, a plug-and-play retro console that will come bundled with around 30 of the best DOS games. The system will support gamepads and keyboard setups.
Computing

Mozilla’s built-in price-tracking extension makes it easy to shop with Firefox

Mozilla has heard those worries about Black Friday shopping, and is now introducing a new set of experimental extensions which aim to make it easier to find the best deals online.
Computing

Best Buy’s pre-Black Friday deal takes $330 off the 2017 Surface Pro bundle

If you don't need the latest Surface Pro, Best Buy has a heavily discounted rendition of the 2017 model available in its pre-Black Friday sale. For just $1,000, you can get the tablet with a Core i5 CPU.
Computing

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.
Computing

Buying a laptop on Black Friday? Don't make one of these rookie mistakes

Shopping for a laptop on Black Friday can win you some excellent deals, but you should also avoid making common mistakes. Check out what to avoid when buying a laptop for Black Friday and what danger signs to be wary of.
Computing

The Mac mini's price jump has crept into iMac territory. How do they compare?

Apple announced a long-awaited update to the Mac mini. Thanks to the updated specs and increase in price, it's begun to creep up to the base model iMac. In this guide, we now put up the specs on the newest refreshed Mac mini against the…
Computing

Our favorite Windows apps will help you get the most out of your new PC

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks.
Computing

Ray tracing not an option until it comes to all graphics cards, says AMD

Although Nvidia already supports the ray tracing feature on its high-end new GeForce Turning series of chips, AMD seemingly hinted it doesn't feel like ray tracing is ready until it comes to all level of graphics cards. 
Computing

Turn your desk into a command center with the best ultrawide monitors

Top of the line ultrawide monitors have the deepest curves, the sharpest colors, and the biggest screens on the market today. You’re going to want one, sooner or later. So why not sooner? These are the best ultrawide monitors you can buy…