Skip to main content
  1. Home
  2. Computing
  3. News

Security flaw on modern PCs could leave your encrypted data exposed

Chuong Nguyen
By
MacBook Pro 15
Malarie Gokey/Digital Trends

A vulnerability on most modern PCs and Macs could leave your data exposed. Cybersecurity researchers at F-Secure discovered a weakness in the firmware of most modern computers could allow hackers access to encryption keys and other sensitive data.

Access to sensitive data is gained through a 2008-style cold boot attack, where the hacker forces a computer to restart without going through the normal shutdown process. The computer’s data is briefly accessible in the RAM after power is lost, but many modern devices overwrite the RAM to prevent unauthorized access to data during this type of attack. Researchers discovered that there is a way to disable the overwrite process, essentially reviving the decade-old method of attack.

Recommended Videos

“The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker,” F-Secure wrote in a blog post. “Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.”

Related

Despite the seriousness of the findings, the vulnerability may not be as damaging given that to carry out this exploit, hackers would need physical access to your device. If a hacker has physical access, the exploit can be conducted in approximately five minutes, researchers cautioned.

F-Secure shared its findings with Microsoft, Apple, and Intel, but given that physical device access is required for this type of attack, it doesn’t appear that a fix may be coming soon. Newer Mac systems with a T2 chip aren’t affected by this attack, and Microsoft claims that enabling pre-boot authentication with a PIN or startup key with BitLocker could help mitigate these risks. These more advanced security tactics, however, aren’t available to general consumers who run Windows 10 Home edition.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” F-Secure principal security consultant Olle Segerdahl told TechCrunch. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Editors' Recommendations

Topics
Chuong Nguyen
Chuong Nguyen
Former Digital Trends Contributor
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Gmail client-side encryption adds security for businesses
Google services (YouTube, Gmail, Chrome, Duo, Meet, Google Podcasts) icons app on smartphone screen.

Google has made client-side encryption (CSE) available for a number of its Workspace applications after introducing the function in beta mode last December.

Detailing the feature in a blog post on Tuesday, Google announced that client-side encryption would allow professional users to send data in Gmail and Calendar apps in such a way that no one except those in the organization and the recipients can access or read the content. Google as an entity is not even able to access data sent or created through Gmail or Calendar as it would be encrypted before reaching its servers. This is yet another way Google is using AI to the benefit of customers the brand said.

Read more
This major Apple bug could let hackers steal your photos and wipe your device
A physical lock placed on a keyboard to represent a locked keyboard.

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos -- and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

Read more
Your next MacBook Pro could be even faster than expected
The MacBook Pro on a wooden table.

If you thought Apple’s existing Mac chips were impressive, wait until you see what’s coming next. According to a new report from DigiTimes (via Wccftech), the next generation will be better than anything Apple offers at the moment -- much, much better.

That’s great news for Mac enthusiasts. Right now, Apple’s M-series chips are made by TSMC using a 5-nanometer process. They’re widely expected to shift to a smaller 3nm process soon, and according to DigiTimes, TSMC’s testing shows its 3nm process is surpassing even its own expectations.

Read more