Security Flaw Discovered in ‘Nearly All’ Modern PCs and Macs Can Expose Encrypted Data


Device owners are more aware of potential data theft situations than ever before, especially considering those devices are so important to our daily routines.

Unfortunately, F-Secure has discovered a new security flaw that puts “nearly all” modern PCs and Macs at risk. TechCrunch has the report on Thursday, and details that the exploit has to do with how modern computers overwrite data when they are turned off. It requires a “cold boot attack”, and focuses on extracting data when a machine is turned off.

“The new exploit is built on the foundations of a traditional cold boot attack, which hackers have long used to steal data from a shut-down computer. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But Segerdahl and his colleague Pasi Saarinen found a way to disable the overwriting process, making a cold boot attack possible again.”

Specifically, the exploit is tied to the firmware and makes it so that data overwriting is turned off. And while the security flaw is serious in its own right, it is worth noting that to be vulnerable, a malicious individual would need to have physical access to the Mac in question.

As far as how serious the security flaw is:

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

“We are convinced that anybody tasked with stealing data off laptops would have already come to the same conclusions as us,” he said.”

The real issue comes down to the fact that even services that are meant to keep data secure, even when the device is turned off, like BitLocker and FileVault, are susceptible to the threat and don’t successfully secure the data.

“That’s why so many use disk encryption — like BitLocker for Windows and FileVault for Macs — to scramble and protect data when a device is turned off.

But the researchers found that in nearly all cases they can still steal data protected by BitLocker and FileVault regardless.”

F-Secure has shared their discovery with Apple, Microsoft, and Intel. A bit of good news? It appears that Macs that have Apple’s T2 chip installed are immune to the threat. Apple, for its part, says it is looking into finding ways to secure older devices that don’t have the T2 chip installed.

[via TechCrunch]