Skip to main content

Security flaw on modern PCs could leave your encrypted data exposed

MacBook Pro 15
Malarie Gokey/Digital Trends

A vulnerability on most modern PCs and Macs could leave your data exposed. Cybersecurity researchers at F-Secure discovered a weakness in the firmware of most modern computers could allow hackers access to encryption keys and other sensitive data.

Access to sensitive data is gained through a 2008-style cold boot attack, where the hacker forces a computer to restart without going through the normal shutdown process. The computer’s data is briefly accessible in the RAM after power is lost, but many modern devices overwrite the RAM to prevent unauthorized access to data during this type of attack. Researchers discovered that there is a way to disable the overwrite process, essentially reviving the decade-old method of attack.

Recommended Videos

“The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker,” F-Secure wrote in a blog post. “Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.”

Despite the seriousness of the findings, the vulnerability may not be as damaging given that to carry out this exploit, hackers would need physical access to your device. If a hacker has physical access, the exploit can be conducted in approximately five minutes, researchers cautioned.

F-Secure shared its findings with Microsoft, Apple, and Intel, but given that physical device access is required for this type of attack, it doesn’t appear that a fix may be coming soon. Newer Mac systems with a T2 chip aren’t affected by this attack, and Microsoft claims that enabling pre-boot authentication with a PIN or startup key with BitLocker could help mitigate these risks. These more advanced security tactics, however, aren’t available to general consumers who run Windows 10 Home edition.

“Unfortunately, there is nothing Microsoft can do, since we are using flaws in PC hardware vendors’ firmware,” F-Secure principal security consultant Olle Segerdahl told TechCrunch. “Intel can only do so much, their position in the ecosystem is providing a reference platform for the vendors to extend and build their new models on.”

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Your next Mac monitor could have this genius new feature
The Mac Studio and Studio Display on a desk.

Apple has crafted a thriving ecosystem of smart home devices that work with its HomeKit platform, and we could see an interesting new addition if the company’s latest big idea comes to fruition. If it does, you could see your Mac’s display double up as a handy smart home accessory.

The news comes from journalist Mark Gurman, who has previously leaked accurate details about Apple’s future plans. According to the paid-for section of Gurman’s Power On newsletter, Apple is developing a Mac monitor that could double up as a smart home display when your Mac is idle.

Read more
This critical exploit could let hackers bypass your Mac’s defenses
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

Read more
Your next MacBook Air could be even faster than expected
The Apple MacBook Pro 14 laptop propped up at an angle on a desk.

Apple’s upcoming 15-inch MacBook Air could be launching sooner than expected, which is encouraging for anyone who has been waiting for this much-rumored device. But the good news doesn’t end there, as it could also get a sizeable chip upgrade that would leave rival devices in the dust.

For months, it had been suggested that Apple was working on a new 15-inch version of the MacBook Air that was going to be released at a spring event. However, now that Apple has announced it will host its Worldwide Developers Conference (WWDC) -- but not a spring event -- it seems that the latter isn’t happening. That suggests the 15-inch MacBook Air will have to wait until WWDC before seeing the light of day.

Read more