Consultants from cyber security provider F-Secure have discovered a weakness in modern computers that attackers can use to steal encryption keys and other sensitive information. The discovery has compelled the researchers to warn PC vendors and users that current security measures aren’t enough to protect data in lost or stolen laptops.
Attackers need physical access to the computer before they can exploit the weakness. But F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes.
“Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer. And when you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully aware of or prepared to deal with,” said Segerdahl.
The weakness allows attackers with physical access to a computer to perform a cold boot attack – an attack that’s been known to hackers since 2008. Cold boot attacks involve rebooting a computer without following a proper shutdown process, then recovering data that remains briefly accessible in the RAM after the power is lost.
Modern laptops now overwrite RAM specifically to prevent attackers from using cold boot attacks to steal data. However, Segerdahl and his team discovered a way to disable the overwrite process and re-enable the decade old cold boot attack.
“It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops they’ve tested. And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it’s the kind of thing an attacker will have plenty of time to execute,” explained Segerdahl.
The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker. Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.
“Because this attack works against the kind of laptops used by companies there’s no reliable way for organizations to know their data is safe if a computer goes missing. And since 99 percent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets,” said Segerdahl. “There’s no easy fix for this issue either, so it’s a risk that companies are going to have to address on their own.”
Segerdahl has shared his team’s research with Intel, Microsoft and Apple to help the PC industry improve the security of current and future products.
Because Segerdahl doesn’t expect an immediate fix from the industry anytime soon, he recommends companies prepare themselves for these attacks. One way is to configure laptops to automatically shut down/hibernate instead of enter sleep mode and require users to enter the Bitlocker PIN anytime Windows boots up or restores. Educating workers, especially executives and employees who travel, about cold boot attacks and similar threats is also important. And IT departments should have an incident response plan ready to deal with laptops that go missing.
“A quick response that invalidates access credentials will make stolen laptops less valuable to attackers. IT security and incident response teams should rehearse this scenario and make sure that the company’s workforce knows to notify IT immediately if a device is lost or stolen,” advises Segerdahl. “Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case.”
Segerdahl and his associate, F-Secure Security Consultant Pasi Saarinen, are scheduled to present the research at the SEC-T conference in Sweden on September 13, and again at Microsoft’s BlueHat v18 conference in the United States on September 27.
Rahul Agarwal Quits Lenovo, Shailendra Katyal Promoted as MD India
Lenovo has appointed Shailendra Katyal as Managing Director, Lenovo PCSD India, and Site Leader for Lenovo Group in India, effective May 1, 2021. He will succeed Rahul Agarwal, who has decided to move on from the company to pursue other interests, following 20 years at Lenovo.
Shailendra Katyal is currently Executive Director at Lenovo India PC and Smart Devices Group, where he leads the consumer business. He first joined Lenovo in 2011, and has held roles in marketing, consumer PC and tablets, home and small business, as well as e-commerce. Prior to joining Lenovo, he spent a decade building iconic FMCG brands.
“During this difficult time in India, we are working hard to ensure the safety of our employees, partners and customers. I am grateful that we have excellent leaders in place to bring our team together and offer this support. I am confident in Shailendra’s success thanks to his extensive experience in Lenovo and in the industry. I would also like to thank Rahul for everything he has done to maximize Lenovo’s growth over the past two decades. He has contributed immensely to the company’s success. I wish him the best as he pursues new opportunities in the entrepreneurial space,” said Amar Babu, President, Lenovo Asia Pacific
Wicked Gaming Named as National Champion of ROG Masters 2021
After an exciting round of national qualifiers held on 8th April 2021 and 10th April 2021, “Wicked Gaming” has been crowned as the Indian national champion of the ROG Masters 2021, the first Asia Pacific online eSports tournament organized by ROG.
They will be joined by first runner up “Headshot Esports”, second runner up “2EZ Gaming” and third runner up “Wasted Potential” to represent India at the Asia Pacific finals, where they will battle the winning teams from other Asia Pacific countries in the regional championship.
The tournament saw participation from 80 teams to qualify for the Asia Pacific tournament. Various teams from 14 markets across the country went head-on for the chance to crowned as the first ROG Masters Asia Pacific Edition CS:GO Champions.
The 4 qualifying teams from the India finals will receive US$800 for the national championship, US$400 for the first runner up, US$200 for the second runner up, US$100 for the third runner up and now have a chance to compete on a global level for a larger prize pool.
|ROG Masters APAC Championship||APAC Finals (USD/ team)|
The four Indian teams will go on to meet the following regional opponents who have also won their respective national championships. The live draw for the Asia Pacific Regional Championship brackets will be held on April 20th on the tournament’s official discord channel.
The regional semi-finals will be streamed during 22nd to 25th April 2021 on the on ROG IN’s FB account and tournament’s Twitch channel.
RAEGR Launches ‘MagFix Duo Arc M1330’ Wireless Charger
RAEGR announces ‘MagFix Duo Arc M1330’ – a 2-in-1 wireless charger that also converts into a smartphone stand. The Arc M1330 has two charging coils that can simultaneously fuel an Apple iPhone 12 or AirPods along with an Apple Watch. Additionally, the foldable design also allows for high portability and also be used as a smartphone stand.
Commenting on the new accessory launch, Ajesh George, MD, RAEGR said, “The MagFix Duo is a must have accessory for Apple Watch and iPhone 12 users. Highly portable form factor makes it even more convenient to use on the go ”
The RAEGR MagFix Duo Arc M1330 is a 15W dual wireless charger that is aimed at users who own Apple’s iPhone 12 series. The Arc M1330 is a dual-operation charger that can simultaneously charge two Apple devices, be it an iPhone or AirPods and Apple Watch. It features a MagSafe-compatible charging pad on the left that accommodates any of Apple’s iPhone 12 series smartphones or AirPods (2/Pro) and can charge them with up to 15 Watts of power.
The right side of the pad has a unique folding design that charges the Apple Watch. It can be used in Normal mode or lifted by 90° in Night Stand mode for Loop Band convenience. Using it in the Night Stand mode allows you to simultaneously charge the Watch while the Watch’s display can turn into a desk clock.
The RAEGR MagFix Duo Arc M1330 has a folding design that allows for high portability. Use it at home, in the office, in your car or anywhere you like and transport it in your handbag or backpack with ease. Additionally, the foldable design also helps convert the Arc M1330 into a smartphone stand for your iPhone 12 too. This feature takes advantage of the magnets in the phone and charger’s surface to help it rest in place.
The RAEGR MagFix Duo Arc M1330 can also be used to charge other Qi-compatible smartphones from brands such as Samsung, Google, Huawei, LG and a few others at 15W. However, the smartphone stand feature will only work with Apple’s iPhone 12 series. The wireless charger sports a USB Type-C connector and you can use any compatible USB charger to power the MagFix Duo Arc M1330. It is recommended that you use a charger that has a power rating of above 15W for the best charging results.
The RAEGR MagFix Duo Arc M1330 also has some rugged safety features. It protects every charging device from Over-current, Overheat, Over-Voltage and Short Circuit. Lastly, using its in-built intelligent device detection circuit, the charger can detect the power requirements of each device and smartly adjust the output power among 5W, 7.5W, 10W and 15W.
The RAEGR MagFix Duo Arc M1330 15W dual Wireless Charging Stand will be available for Rs 2,999, with a standard industry warranty of 1 year, on Amazon.in and Flipkart.com. Buyers can avail of additional 6 months of warranty on registering their products.
Gadgets5 days ago
OSS Infocom Launches eOnz Elite Smartwatch
Trending4 days ago
TECNO Launches Doorstep Delivery Facility
Startups4 days ago
Fyool App Launches New User Interface
Gadgets4 days ago
Top Four Tech Gadgets You Can Buy to Simplify Day-to-day Life
Trending4 days ago
Kingston Announces New ‘‘Kingston Is With You’’ Campaign
Videos4 days ago
Portronics Wireless Neckbands I Harmonics 216 & 300 Unboxing & Review
Trending4 days ago
Video Meet Adds Artificial Intelligence to Its Platform
Trending4 days ago
Vivo Announces Three Years of Android Upgrades for X Series Smartphones