In 2008, a research group found that computers and laptops were left vulnerable to data loss after cold booting the system. Recently, consultants at F-Secure found that a vulnerability within much hardware firmware, a decade on, still suffer from the same occurrence.
Olle Segerdahl and Pasi Saarinen of F-Secure ran tests on world leading vendors, such as: Dell, Lenovo and Apple and found that even a laptop with full disk encryption could suffer from a potential headache thanks to hackers.
Now, before we carry on we should add that unlike data theft off servers and devices on a network, this security concern is based on the physical computer or laptop being stolen and accessed.
For many, we probably take it for granted that our homes, offices or airport luggage is secure. But what about theft? – it’s a real threat after all – we are all at risk.
When a modern computer/ laptop is powered down, memory is overwritten to help scramble any data from being read. But, techniques have been found that can disable the overwriting process during a cold boot – your data is then vulnerable.
Researchers have found that data protected through services such as BitLocker and FileVault can also be accessed.
Think of all the secrets and vital data that can then be accessed. Passwords, network credentials and encrypted data, for that moment of time during the boot process, can still be accessed and potentially lead to further compromises.
Due to this being a hardware issue, it makes a potential fix from firmware developers a long time coming. But with cyber security pioneers such as F-Secure on the ball, they have taken steps to contact leading vendors to find potential fixes and keep our data secure. F-Secure may not have the magic wand to wave over our security in this instance, they’ve made sure 25 years of development and research hasn’t gone to waste. After all, it would be easy to forget about security issues of the past. Although not exactly the same as issues found in 2008, a decade on, F-Secure have found modifications can be made to bring physical data loss into focus again.
With tens of millions of consumer customers and hundreds of thousand more corporate clients, F-Secure are all about making sure you have the right team fighting your corner.
So what can you, or your company do to better protect your data?
F-Secure recommend that companies have a response plan in place of any potential incidents arising. What’s more, companies should sit on their plan but actively rehearse their plans to deal with lost or stolen computers. After all, a quick response can be the difference between credentials being out dated or an escalated security risk.