Modern laptops vulnerable to cold-boot attacks, finds research
21 September 2018
Modern laptops and computers have a critical yet little-known vulnerability that allows anyone with physical access to a computer to reboot the device and access stored files.
This was revealed by security researchers at F-Secure who observed that even though modern laptops and computers have security features that prevent hackers from cold-booting computers, hackers can still perform such attacks by employing a few extra steps.
Cold-boot attacks possible on modern laptops too
Cold-boot attacks involve rebooting a computer without following a proper shutdown process, then recovering data that remains briefly accessible in the RAM after the power is lost. The vulnerability was supposedly removed after device manufacturers introduced a feature to overwrite RAM, thereby preventing cold-boot attacks.
However, according to the F-Secure team, there is a way to disable the overwrite process and access data stored in the RAM. To do this, a hacker needs physical access to the computer.
“It takes some extra steps compared to the classic cold-boot attack, but it’s effective against all the modern laptops we’ve tested. And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it’s the kind of thing an attacker will have plenty of time to execute,” said Olle Segerdahl, Principal Security Consultant at F-Secure.
“The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker. Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.
“Because this attack works against the kind of laptops used by companies, there’s no reliable way for organizations to know their data is safe if a computer goes missing. And since 99 percent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets. There’s no easy fix for this issue either, so it’s a risk that companies are going to have to address on their own,” he added.
F-Secure has shared information about the vulnerability with the likes of Microsoft, Apple and Intel. Segerdahl says that since companies cannot ensure that all of their computers or laptops will remain safe from thieves at all times, they can take certain measures to ensure that hackers aren’t able to reboot laptops using cold-boot attacks and steal sensitive information.
“A quick response that invalidates access credentials will make stolen laptops less valuable to attackers. IT security and incident response teams should rehearse this scenario and make sure that the company’s workforce knows to notify IT immediately if a device is lost or stolen. Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case,” Segerdahl added.
Recurring security issues in popular laptop models
This isn’t the first time that security researchers have found critical yet unnoticed vulnerabilities in company-owned devices that could place corporate data or trade secrets at risk. Last year, security researcher Michael Myng discovered the presence of keylogging software in several HP laptop models that could record letters typed on their keyboards at all times.
Even though the keylogging software was disabled by default in HP laptops, it could be activated by anyone with access to a computer. HP acknowledged the vulnerability and said that as many as 460 HP laptop models were affected.
“A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability,” said HP in a statement on its website.
Godfrey Cheng, VP of Product at Synaptics, also revealed last year that by using cheaper smartphone fingerprint sensors instead of secure sensors in laptops, laptop manufacturers were placing the security of their customers at risk, even though the use of such sensors helped them save 25 cents per machine.
Typical fingerprint sensors in laptops encrypt stored fingerprints and verify new prints by using secondary host processors, thus making it difficult for hackers to obtain users’ biometric details. On the other hand, smartphone fingerprint sensors send fingerprints to CPUs for processing through an unencrypted channel which is vulnerable to hacks, he said.