Many, many moons ago a vulnerability was discovered which would let you grab some or all of the data last written to RAM. A computer in sleep mode could be powered off, the firmware specifically modified and then booted from a USB drive, allowing an attacker to extract data from the RAM. This requires physical access and a specific skill set but does not take all that long. This new attack is used to grab the encryption keys from memory, which then allows them to gain access to the data stored on your encrypted drives. The Inquirer reports that there is a solution to this resurrected vulnerability, however it is only easy to implement before a system is provided to customers, worrying for companies using these commonly deployed brands.
"But F-Secure principal security consultant Olle Segerdahl, along with other researchers from the security outfit, claim they've discovered a way to disable that safety measure and extract data using the ten-year-old cold boot attack method."
Here is some more Tech News from around the web:
- Smartphone vendors looking for new thermal management solutions for 5G phones @ DigiTimes
- NVIDIA GeForce RTX 2080 Unboxing @ TechPowerUp
- Adobe chatting up Marketo – reports @ The Register
- Native Support For Windows File Sharing Coming To Chrome OS @ Slashdot
- Lenovo announces a joined-up security offering and shows off a ThinkPad with an i9 chip @ The Inquirer