Firmware Vulnerability Lets Attackers Steal Data From Powered Off Computers

A new ‘Cold Boot Attack’ vulnerability has been found on Macs and Windows laptops and it puts user data at risk, essentially allowing hackers to steal data from these computers. The so called cold boot attack involves targeting a computer and stealing data from it while it is powered off. The firmware exploit affects these machines because of the way they overwrite data when they are turned off.

The vulnerability has been discovered by F-Secure, according to which Macs that have FireVault encryption feature turned on are also vulnerable. Perhaps the only reassuring thing about this vulnerability is that it requires the attacker to have physical access to a computer to be able to attack it. However if an attacker has access to the computer, the flaw is ‘easy to exploit’. Even though it has been discovered by F-Secure now, the people who uncovered this exploit note that they will be surprised if hacker groups are not aware of this technique already.

“It takes some extra steps,” said Segerdahl, but the flaw is “easy to exploit.” So much so, he said, that it would “very much surprise” him if this technique isn’t already known by some hacker groups.

Researchers who made the discovery had already shared the details about this vulnerability with Apple, Microsoft and Intel. Apple has already solve this issue on T2 chip equipped Macs, so iMac Pro and 2018 MacBook Pros are not vulnerable. Apple is also said to be working on fixing this bug on Macs that don’t have the T2 chip. (TechCrunch)

Disclosure: iOSHacker may receive a commission if you purchase products through our affiliate links. For more visit our privacy policy page.
Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article

Apple's Budget Phones Compared: iPhone XR vs. iPhone SE vs. iPhone 5C

Next Article

You Can Use 38mm And 42mm Bands With 40mm And 44mm Series 4 Watch Respectively