What's old becomes new again. That saying holds true for music, fashion and now, decade-old vulnerabilities that laptop makers have long since mitigated against. Cybersecurity vendor F-Secure announced today that "nearly all modern computers" are vulnerable to a cold boot attack that overrides existing safeguards. This attack can give someone access to laptop firmware and, therefore, encryption keys and other private data.
F-Secure explained that a cold boot attack lets hackers recover data available in RAM when a computer is rebooted without following the proper shutdown process. Attacks of this sort were discovered in 2008, and most laptop makers have since made their laptops automatically overwrite RAM to defend against them. This new attack lets someone with physical access to a laptop (and the right equipment) bypass those protections.
This vulnerability is particularly worrisome for organizations that regularly handle sensitive information, such as banks or government agencies, because the information gathered from a compromised laptop could let hackers work their way into other systems. Even secure networks can be accessed if someone is able to get their encryption keys, passwords and other relevant data by accessing a trusted laptop.
F-Secure said it confirmed that laptops from Apple, Dell and Lenovo are vulnerable to this modified attack and that it notified Microsoft, Intel and Apple about the problem so they could start to address it. But there isn't a convenient fix available for laptops that are already being used; organizations will have to adopt numerous safeguards in response.
F-Secure principal security consultant Olle Segerdahl explained in a blog post: "When you think about all the different computers from all the different companies and combine that with the challenges of convincing people to update, it’s a really difficult problem to solve easily. It will take the kind of coordinated industry response that doesn’t happen overnight. In the meantime, companies will need to manage on their own.”
Because the attack requires physical access, it's also hard to know if someone has already discovered and used it. F-Secure characterized the attack as something that a low-level hacker might not discover but that anyone interested in corporate espionage or the like would be very interested in. Organizations have to decide if they want to proceed as if they were affected, which could be costly, or if they'll ignore the issue.
F-Secure advised concerned organizations to require Bitlocker PIN entry when a laptop powers up or restarts, to make sure employees force the laptops to shut down or hibernate instead of going into sleep mode and to keep laptops safe and have a plan for if they go missing. Aside from those steps, however, it's up to the laptop industry to make sure their products aren't susceptible to this modified attack.