قالب وردپرس درنا توس
Home / Technology / Almost all modern computers affected by cold start attacks warn scientists

Almost all modern computers affected by cold start attacks warn scientists



  A model has a Microsoft Surface laptop

Microsoft said it has updated the software to stop the attack.


Microsoft

Security scientists encountered an error with almost all modern computers that allow potential hackers to steal sensitive information from your locked devices.

The attack takes only about five minutes to pull out, if the attacker has physical access to the computer, F-Secure, chief consultant Olle Segerdahl said in a statement. Call launcher can steal data on a computer's RAM, where sensitive information is stored shortly after a forced restart.

These attacks have been known since 2008, and most computers today have a security target where it removes data stored on RAM to prevent hackers from stealing sensitive information. Nor is it a common threat to the average person since the attack would both have access to the computer and special tools ̵

1; like a program on a USB stick – to perform the attack.

But Segerdahl and scientists from F-Sik said they found a way to disable that security target on and extract data using call starters attacks.

"It takes some extra steps compared to the classic cold start attack, but it is effective against all modern laptops we've tested," he said in a statement.

There is no immediate solution available for the new vulnerability, F-Secure said. Cybersecurity Company recommends that you configure laptops to turn off or hibernate instead of having full sleep mode when shutting down the screen.

The company said that it was contacted Microsoft, Intel and Apple about the discovery. Microsoft told ZDNet that it updated its BitLocker tutorial, while Apple responded and said that all devices using a T2 chip are not affected.

F-Secrets researchers presented their findings at a conference in Sweden on Thursday, and will be presented again at Microsoft's Security Conference on 27 September.

For more about vulnerability, read the full details on the sister site ZDNet.


Source link