When we buy laptops or computers, we only look after its version, Storage and other technical aspects but never think about its capacity to provide security for our sensitive files and documents.
Recently, some of the Security researchers from cybersecurity provider F-Secure figured out vulnerabilities in modern computers that allow attackers to steal encryption keys and other sensitive data.
Olle Segerdahl, a cybersecurity consultant at F-Secure, said, a fault in firmware in modern computers and laptops exposes encryption keys that can be used by hackers to breach sensitive data and information. The researcher also stated the security precautions which we are taking at present to protect data on lost or stolen laptops are not enough.
Organizations do not think about safeguarding their computers from attackers unless and until they don’t realize any security issues in their devices. And when you found a security issue in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully alert of or prepared to deal with,” said Segerdahl.
Segeradhi explained, in comparison with the classic cold boot attack, it takes some extra steps, but it is high functioning against all the modern laptops that we have examined. And since this sort of threat is primarily relevant in scenarios where devices are stolen or illegally obtained, it’s the kind of thing a hacker will have plenty of time to perform,” “Because this attack works against the kind of laptops used by companies, there’s no dependable way for companies to identify their data is secure if a computer goes missing. And since 99 percent of company laptops include things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets.”
To improve the security measures of current and future products, Olle Segerfdahl has shared his research findings with Intel, Microsoft, and Apple. He also suggested companies to prepare themselves to address the cyber issues. Segerdahl added there is no easy way to solve this issue either, so it ’s a risk that companies are going to have to address on their own.