Western Digital's My Cloud NAS Devices Turn Out to Be Easily Hacked


Security researchers have discovered an authentication bypass vulnerability in Western Digital’s My Cloud NAS devices that allows an unauthenticated attacker with network access to gain admin-level control of affected devices.

Western Digital’s My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) product lines, used by businesses and individuals to host their files and to back them up and sync them with various cloud and web-based services.

WD My Cloud devices let users share files on a home network, and their private cloud feature also lets owners reach that data from anywhere at any time.

Security researchers at Securify have found, however, that the WD My Cloud web interface lets an unauthenticated attacker with network access to the device obtain admin-level privileges without ever supplying a password.

An attacker can then run commands that normally require administrative privileges and take complete control of the NAS, including viewing, copying, deleting and overwriting any files stored on it.

Here’s How Easy It Is to Hack a WD My Cloud Storage Box

The vulnerability, designated CVE-2018-17153, resides in the way WD My Cloud creates an admin session tied to an IP address.

The bypass takes two requests. First, the attacker calls the cgi_get_ipv6 command of network_mgr.cgi with the parameter flag=1; the device performs no authentication check here, yet it starts an admin session bound to the attacker’s IP address. From then on, simply adding the cookie username=admin to HTTP CGI requests sent to the web interface unlocks admin access and all content stored on the NAS box.

“It was found that it is possible for an unauthenticated attacker to create a valid session without requiring to authenticate,” the researchers explain in a blog post detailing the flaw, published on Tuesday.

“The network_mgr.cgi CGI module contains a command called cgi_get_ipv6 that starts an admin session that is tied to the IP address of the user making the request when invoked with the parameter flag equal to 1. Subsequent invocation of commands that would normally require admin privileges are now authorized if an attacker sets the username=admin cookie.”

Long story short, just tell the WD My Cloud NAS device that you are the admin user in the cookie, and you are in without ever being asked for a password.
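To make the design flaw concrete, here is an added example that is neither Securify’s PoC nor Western Digital’s firmware code: a toy model of the authorization logic described above, beside a hardened variant. The command name cgi_get_ipv6, the flag=1 parameter and the username=admin cookie come from the write-up; the admin-only command names, the status codes and the request structure are assumptions made for illustration.

```python
"""Toy model of the WD My Cloud authorization flaw and a hardened alternative.

Added example, not Securify's PoC and not Western Digital's code. Command and
cookie names follow the write-up; ADMIN_COMMANDS and the Request shape are
hypothetical."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ADMIN_COMMANDS = {"get_users", "set_share"}  # hypothetical admin-only commands


@dataclass
class Request:
    client_ip: str
    cmd: str
    params: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


class VulnerableCgi:
    """Flawed logic: session is keyed by client IP, identity is read from a cookie."""

    def __init__(self):
        self.admin_ips = set()

    def handle(self, req):
        if req.cmd == "cgi_get_ipv6":
            # No authentication check, yet flag=1 starts an admin session for this IP.
            if req.params.get("flag") == "1":
                self.admin_ips.add(req.client_ip)
            return 200
        if req.cmd in ADMIN_COMMANDS:
            # The username cookie is attacker-controlled, so this check adds nothing.
            if req.client_ip in self.admin_ips and req.cookies.get("username") == "admin":
                return 200
            return 401
        return 404


class HardenedCgi:
    """Sessions exist only after a password login and are identified by a random,
    server-side token; neither client IP nor a username cookie confers identity."""

    def __init__(self, admin_password):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(admin_password)
        self._sessions = {}  # token -> username

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, username, password):
        if username != "admin" or not hmac.compare_digest(self._hash(password), self._pw_hash):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def handle(self, req):
        if req.cmd == "cgi_get_ipv6":
            return 200  # read-only and never touches session state
        if req.cmd in ADMIN_COMMANDS:
            user = self._sessions.get(req.cookies.get("session", ""))
            return 200 if user == "admin" else 401
        return 404


def unauthenticated_admin_attempt(server, attacker_ip="203.0.113.7"):
    """Replay the two-step flow from the write-up and return the final status."""
    server.handle(Request(attacker_ip, "cgi_get_ipv6", params={"flag": "1"}))
    return server.handle(Request(attacker_ip, "get_users", cookies={"username": "admin"}))


if __name__ == "__main__":
    print("vulnerable:", unauthenticated_admin_attempt(VulnerableCgi()))  # 200
    print("hardened:  ", unauthenticated_admin_attempt(HardenedCgi("hunter2")))  # 401
```

The two properties the hardened version enforces are the ones the real device lacks: a privileged session is created only by a credential check, and the session identifier is an unguessable server-issued token rather than a client-supplied claim or the request’s source address.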

Proof-of-Concept Exploit Code Released


Securify researchers have also published a proof-of-concept (PoC) exploit showing how the vulnerability can be exploited with just a few lines of code.

The exploit needs only network reachability to the device, over the local network or over the internet if the web interface is exposed, to run the command and bypass the NAS device’s usual login requirements.

The researchers verified the vulnerability on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172, but say the issue is not limited to that model, as most products in the My Cloud series share the same vulnerable code.

Securify researchers found the issue while reverse engineering the CGI binaries to look for security bugs, and reported it to Western Digital in April 2017, but did not receive any response from the company.

After almost one-and-half years of silence from Western Digital, researchers finally publicly disclosed the vulnerability, which is still unpatched.

This is not the first time Western Digital has ignored the security of its My Cloud NAS device users.

Earlier this year, a researcher publicly disclosed several vulnerabilities in Western Digital’s My Cloud NAS devices, including a hard-coded password backdoor issue in their firmware after the company did not address the issue, which was reported 180 days before making it public.


Powerful Android and iOS Spyware Found Deployed in 45 Countries


One of the world’s most dangerous Android and iPhone spyware programs has been found deployed against targets in 45 countries over the last two years, a new report from Citizen Lab reveals.

The infamous spyware, dubbed Pegasus, is developed by NSO Group—an Israeli company which is mostly known for selling high-tech surveillance tools capable of remotely cracking into iPhones and Android devices to intelligence agencies around the world.

Pegasus is NSO Group’s most powerful creation that has been designed to hack iPhone, Android, and other mobile devices remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, calendar entries, emails, WhatsApp messages, user’s location, microphone, and camera—all without the victim’s knowledge.

Pegasus has previously been used to target human rights activists and journalists, from Mexico to the United Arab Emirates.

Just last month, The Hacker News reported that this nasty spyware was used against one of the staffers of Amnesty International—one of the most prominent non-profit human rights organizations in the world—earlier this year, alongside another human rights defender.


Now, a new report released Tuesday from the University of Toronto’s Citizen Lab revealed that the Pegasus infections have victimized more countries than previously believed.

36 Pegasus Spyware Operations Found Deployed in 45 Countries

Citizen Lab last month said that it had so far counted as many as 174 publicly-reported cases of individuals worldwide “abusively targeted” with NSO spyware, but now found traces of Pegasus infections across as many as 45 countries.

According to the report, 36 Pegasus operators have been using the spyware to conduct surveillance operations in 45 countries worldwide, and at least 10 of these operators appear to be actively engaged in cross-border surveillance.


The report further said that while some NSO customers may be lawfully using Pegasus, at least 6 of those countries with significant Pegasus operations were “known spyware abusers,” which means they have previously been linked to the abusive use of spyware to target civil society.


These “known spyware abusers” include Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.

The list of countries targeted by Pegasus includes Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia.

Since Citizen Lab tracked down Pegasus infections by creating fingerprints for Pegasus infrastructure to identify the IP addresses associated with the same spyware system, it admitted that there could be some inaccuracies in its report, due to the possible use of VPN and satellite connections by some of its targets.

Citizen Lab is keeping those fingerprints secret for now, but they allowed it to locate Pegasus infrastructure by scanning the internet.

Spyware Creator “NSO Group” Response:

In response to the Citizen Lab report, an NSO Group spokesperson released a statement saying that the company worked in full compliance with all countries without breaking any laws, including export control regulations.

“Contrary to statements made by you, our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws,” NSO Group spokesperson Shalev Hulio told Citizen Lab.

“NSO’s Business Ethics Committee, which includes outside experts from various disciplines, including law and foreign relations, reviews and approves each transaction and is authorized to reject agreements or cancel existing agreements where there is a case of improper use.”

The NSO Group further said that there were some problems with the Citizen Lab research and that the company did not sell in many of the 45 countries listed in the report.


Linus Torvalds Apologizes For His Rude Behavior—Takes Time Off


What just happened will surprise you.

Linus Torvalds—father of the Linux open-source operating system—finally admitted his behavior towards other developers in the Linux community was hurting people and Linux.

In a surprising move this weekend, Torvalds apologized for insulting and abusing other developers for almost three decades and took a break from the open-source software to work on his behavior.

In an email to the Linux Kernel Mailing List (LKML) on Sunday, Torvalds said that he was confronted by people of the Linux community this week about his lifetime of not understanding emotions, and apologized for his personal behavior that has hurt people and possibly has driven some of them away from working in kernel development altogether.

Torvalds wrote, “I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely.”

“I am going to take time off and get some assistance on how to understand people’s emotions and respond appropriately,” Torvalds added.

Torvalds has worked on the open-source Linux kernel since its birth in 1991, but over the decades he has shown a hostile attitude towards fellow programmers, open-source lawyers and other kernel developers, which has turned some developers away from contributing to Linux.

Besides Linux, the kernel underlying Google’s ubiquitous Android, Torvalds also created git, the version control system behind GitLab and the popular code hosting service GitHub, which Microsoft recently acquired for $7.5 billion.

“Linus Torvalds deserves a Nobel Prize for git, the Turing Award for Linux and [a] swift kick in the ass for almost everything else he’s done,” a Twitter user GonzoHacker tweeted in July.

Torvalds said he looked at himself in the mirror, and he wasn’t happy, realizing that “it wasn’t actually funny or a good sign that I was hoping to just skip the yearly kernel summit entirely, and on the other hand realizing that I really had been ignoring some fairly deep-seated feelings in the community.”

Torvalds’ lengthy note adds that he hopes automated tools, such as an email filter that removes curse words, could be part of the solution.

However, Torvalds admitted that he’s “not an emotionally empathetic kind of person, and that probably doesn’t come as a big surprise to anybody.”

“The fact that I then misread people and don’t realize (for years) how badly I’ve judged a situation and contributed to an unprofessional environment is not good,” Torvalds added.

Torvalds’ note to the kernel development community announcing a break from his work on the Linux kernel came as a shock to the open-source software world.

Torvalds has not said how long he plans to be away from the Linux kernel, but has made arrangements to ensure that Linux is maintained without him.

While many praised his decision of apologizing and expressing a willingness to change his behavior, some people remained skeptical over whether his recent commitment will make any difference or sense after decades of this bad behavior.


Ransomware Attack Takes Down Bristol Airport's Flight Display Screens


Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend.

The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights.

The attack forced airport officials to take the affected systems down and fall back to whiteboards and paper posters for check-in, arrival and luggage pickup information throughout Friday, Saturday and into the following night.

“We are currently experiencing technical problems with our flight information screens,” a post on the Bristol Airport’s official Twitter feed read on Friday.

“Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passengers.”

The airport also urged passengers to arrive early and “allow extra time for check-in and boarding processes.” The two-day outage caused delays in baggage handling, with some customers waiting more than an hour for their bags.

However, no flight delays were reportedly caused due to the cyber attack.

An airport spokesman said that the information screens went offline due to a so-called “ransomware” attack, though he confirmed that no “ransom” had been paid to get the airport systems working again.

Affected systems and flight information screens were finally restored on Sunday, officials said.

“We are grateful to passengers for their patience while we have been working to resolve issues with flight information this weekend. Digital screens are now live in arrivals and departures. Work will continue to restore complete site-wide coverage as soon as possible,” the airport tweeted on Sunday.

At the moment, it is not clear how the ransomware got into the airport systems. Bristol is carrying out an investigation to find out what happened.


Learn Ethical Hacking Online – A to Z Online Training Pack


The good news is that this week’s THN Deals brings the Ethical Hacking A to Z Bundle, which lets you get started regardless of your experience level.

The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker.

The 45 hours of training, comprising 384 in-depth lectures across eight courses, usually cost $1,273, but you can get the 8-in-1 bundle for just $39 (a 96% discount) at the THN Deals Store.

8-in-1 Online Hacking Training: Here’s What You Will Learn

Ethical Hacking A to Z Bundle will provide you access to the following eight courses:

1. Ethical Hacker Boot Camp for 2017

This course covers passive and active reconnaissance, scanning and enumeration, social engineering basics and network mapping, with live hacking demonstrations using tools such as Maltego, FOCA, Harvester, Recon-ng, Nmap and masscan.

By the end of this course, you’ll be able to think like a hacker and be fully prepared for the Ethical Hacking Certification exams.

2. A to Z Ethical Hacking Course

This course will talk you through basics to advanced hacking techniques, leaving no stone unturned.

As its name suggests, A to Z Ethical Hacking Course will give you hands-on practice in a variety of hacking techniques, such as SQL injections, phishing, cross-site scripting, and email hacking, making you learn how to use tools like Metasploit, Keylogger, and WireShark.

By the end of this course, you will be ready to get a high-paying ethical hacking job.

3. Learn Burp Suite for Advanced Web Penetration Testing

This course will teach you how to use Burp Suite – a Java-based software platform of tools for performing security testing of web applications – and how to use Burp to automate certain attacks.

Burp gives you full control, allowing you to combine advanced manual techniques with state-of-the-art automation, to make your work faster, more efficient, and more fun.

With this course, you will learn about different types of web attacks by targeting a test environment based on OWASP Web Goat, a deliberately vulnerable web app used to practice security techniques.

4. Complete Ethical Hacking / Penetration Testing Course

This online course will help you discover the art of Penetration Testing and Ethical Hacking. This course will take you through a complete, simulated penetration testing process – Information Gathering, Enumeration, Vulnerability Scanning, Exploitation, and Post Exploitation.

By the end of this course, you’ll be able to efficiently find and exploit security vulnerabilities in applications or web services manually or using automated scanning tools.

5. Intro to Ethical Hacking Certification

As its name suggests, this course will provide you a quick introduction to ethical hacking and how to succeed in the cutthroat IT industry.

Since the demand for security professionals is hitting an all-time high, it’s a must for you to have a comprehensive knowledge of security hacking and this course will help you jump in on the action.

6. Real World Hacking & Penetration Testing

Besides updated penetration testing techniques, this five-hour immersive course walks you through current ethical hacking tools and techniques.

In this course, you’ll learn everything a pen-tester does, from exploring attacks on computers, networks, and web applications, to discovering DARKNET and wireless attacks.

7. Learn Kali Linux and Hack Android Mobile Devices

This course gives you much-needed knowledge of Kali Linux, one of the most popular operating systems among hackers, which ships with over 300 tools for penetration testing, forensics, hacking and reverse engineering, and of its hacking capabilities.

Since most of your critical data is stored on your smartphone, cyber criminals take a high interest in targeting smartphones to steal your personal information, especially Android, which is the world’s largest mobile operating system.

Besides Kali Linux, this course teaches you how to hack Android smartphones and tablets and explore countermeasures to each kind of attack to secure them from hackers.

By the end of this course, you’ll be able to use mobile hacking tools such as Netcat, Ettercap and Nmap; set up virtual machines, a workspace and an Android platform; and work with exploits, Metasploit and Armitage.

8. Learn How to Pentest using Android from Scratch

Last but not least: this course will help you prevent a variety of common attacks using your Android devices.

It is, in short, penetration testing with Android. The course walks you through installing NetHunter and Kali Linux on your Android device to perform penetration testing; using your Android device to gain access to any account accessed by devices on your network; creating a fake access point and spying on all the data sent through it; exploring several exploitation methods to gain full control over a target computer; and detecting ARP poisoning attacks.

In short, this online course delves into using Android as a penetration testing tool, using real life scenarios that will give you full control over a variety of computer systems.

By course’s end, you’ll learn how attacks work, how to launch the attack practically, and how to detect and prevent that type of attack from happening.

How to Join This Online Training Course

All these impressive courses come in a single bundle Ethical Hacking A to Z Bundle that costs you just $39 (after 96% discount) at the THN Deals Store.

So, what are you waiting for? Sign up and grab the exclusive discounted deal now!


Greece U-Turns — Now Approves Mr. Bitcoin's Extradition To Russia


Greece just took another U-turn.

Mr. Bitcoin, a.k.a. Alexander Vinnik, is not going to France or to the United States; instead, he may now be going to his homeland, Russia.

On Friday, the Supreme Civil and Criminal Court of Greece overruled previous decisions and approved the extradition to Russia of Vinnik, the alleged operator of the now-defunct Bitcoin cryptocurrency exchange BTC-e.

Several Greek courts have previously ruled in favor of all three countries, Russia, France, and the United States, where Vinnik is wanted to face different criminal and hacking charges.

Vinnik, 38, is accused of operating the BTC-e cryptocurrency exchange, which was shut down right after his arrest by Greek police in July 2017 at the request of the U.S., where he is charged with fraud and with laundering more than $4 billion worth of Bitcoin (BTC) for criminals involved in hacking attacks, tax fraud and drug trafficking.

Vinnik is also accused of involvement in the failure of Mt. Gox, once the most famous Japanese bitcoin exchange, which was suddenly shut down in 2014 following a series of mysterious thefts totaling $375 million in Bitcoin.

The U.S. authorities believe Vinnik “obtained” funds from a hacker or insider who stole Bitcoins from Mt. Gox and then sent them to a bitcoin wallet controlled by him and intentionally laundered the money through his BTC-e-service over a period of three years.

Greece Approved Vinnik’s Extradition to US Last Year…

The Greek Supreme Court earlier approved Vinnik’s extradition to the U.S. to stand trial on the charges with the operation of an unlicensed money service business, money laundering, conspiracy to commit money laundering, and engaging in unlawful monetary transactions.

Then to France This Year…

However, in July this year, a Greek lower court agreed to extradite Vinnik to France, after the country charged him with defrauding thousands of people worldwide, including 100 in France, through his bitcoin platform and laundered 133 million euros using 20,643 bitcoins.

And Now Russia…

Meanwhile, the Russian government also intervened in the case, asking the Greek government to extradite the Russian national to his home country, where he is facing around $10,000 worth of fraud charges—very low as compared to accusations made by other countries.

Now, the decision of the Greek Supreme Court published Friday upheld a lower court ruling, allowing Vinnik to be tried in his native Russia for his alleged fraud crime.

What’s Next?

The Supreme Court is scheduled to consider the French extradition request for Vinnik again on September 19.

However, reportedly Greek Minister of Justice can still overturn the Supreme Court ruling and decide where Vinnik ends up—the United States, Russia or France.

Meanwhile, Greek authorities are also investigating Vinnik for possible cyber crimes in Greece, which might also delay his extradition.


Watch Out! This New Web Exploit Can Crash and Restart Your iPhone


It’s 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze.

Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page containing an exploit that uses only a few lines of specially crafted CSS & HTML code.

Beyond just a simple crash, the web page, if visited, causes a full device kernel panic and an entire system reboot.

Haddouche’s PoC exploits a weakness in Apple’s web rendering engine WebKit, which every app and web browser on iOS uses to render web content.

WebKit fails to handle a large number of nested elements, such as div tags, that fall under a CSS backdrop-filter property. Haddouche’s page exploits this to consume all of the device’s resources, triggering a kernel panic that shuts down and restarts the device.
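A mail gateway or web proxy cannot fix WebKit, but it can flag content that matches the pattern described above. The following is an added example, not Haddouche’s PoC and not WebKit code: a scanner that reports whether an HTML document combines a backdrop-filter rule (in a style block or inline style) with deep element nesting. The depth threshold of 64 is an assumption chosen for illustration; the write-up does not say what depth triggers the crash, and the sample documents below are constructed for the check, not taken from the published PoC.

```python
"""Flag HTML that pairs a backdrop-filter rule with deeply nested elements.

Added example, not Haddouche's PoC and not WebKit code. The depth threshold
and the sample documents are assumptions constructed for illustration."""
import re
from html.parser import HTMLParser

VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "param", "source", "track", "wbr"}
# Matches both the prefixed and unprefixed property name, any casing.
BACKDROP_RE = re.compile(r"(?:-webkit-)?backdrop-filter\s*:", re.IGNORECASE)


class NestingScanner(HTMLParser):
    """Track element nesting depth and whether backdrop-filter appears anywhere."""

    def __init__(self):
        super().__init__()
        self.depth = 0
        self.max_depth = 0
        self.backdrop_filter = False
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:  # inline style="...backdrop-filter:..."
            if name == "style" and value and BACKDROP_RE.search(value):
                self.backdrop_filter = True
        if tag == "style":
            self._in_style = True  # html.parser hands <style> text to handle_data
        if tag in VOID_ELEMENTS:
            return  # void elements never contain children
        self.depth += 1
        self.max_depth = max(self.max_depth, self.depth)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False
        if tag not in VOID_ELEMENTS and self.depth > 0:
            self.depth -= 1

    def handle_data(self, data):
        if self._in_style and BACKDROP_RE.search(data):
            self.backdrop_filter = True


def scan_html(document, max_depth=64):
    """Return nesting statistics and a verdict for one HTML document."""
    scanner = NestingScanner()
    scanner.feed(document)
    scanner.close()
    return {
        "max_depth": scanner.max_depth,
        "backdrop_filter": scanner.backdrop_filter,
        # Only the combination is suspicious; either feature alone is ordinary.
        "suspicious": scanner.backdrop_filter and scanner.max_depth > max_depth,
    }


# Constructed samples: an ordinary page using the property, and a page built
# to match the described pattern of many nested divs under backdrop-filter.
BENIGN = ("<html><head><style>div{backdrop-filter:blur(2px)}</style></head>"
          "<body><div><p>hello</p></div></body></html>")
NESTED = ("<html><head><style>div{-webkit-backdrop-filter:blur(2px)}</style></head>"
          "<body>" + "<div>" * 200 + "</div>" * 200 + "</body></html>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("nested", NESTED)):
        print(label, scan_html(doc))
```

Because html.parser is tolerant of malformed markup, unclosed tags inflate the depth rather than breaking the scan, which is the safe direction for a filter; a stricter threshold can be passed as max_depth.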

You can also watch the video demonstration published by the researcher, which shows the iPhone crash attack in action.


Every web browser on iOS, including Chrome and Microsoft Edge as well as Safari, is vulnerable to this CSS-based attack, as are Safari and Mail on macOS, because all of them render content with WebKit.

Windows and Linux users are not affected by this vulnerability.

The Hacker News tested the attack on different web browsers, including Chrome, Safari, and Edge (on MacBook Pro and iPhone X) and it still worked on the latest version of both macOS and iOS operating systems.

So, Apple users are advised to be vigilant while visiting any web page including the code or clicking on links sent over their Facebook or WhatsApp account, or in an email.

Haddouche has posted the source code of the CSS & HTML web page that triggers this crash on his GitHub page.

Haddouche said he already reported the issue to Apple about the Webkit vulnerability and the company is possibly investigating the issue and working on a fix to address it in a future release.


Russian Hacker Pleads Guilty to Operating Kelihos Botnet


The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court.

Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges.

Levashov, also known by many online aliases including Peter Severa, Petr Levashov, Petr Severa and Sergey Astakhov, admitted to operating several botnets, including the Storm, Waledac and Kelihos botnets, from the late 1990s until his arrest in April 2017.

Kelihos botnet, dated back to 2010, was a global network of tens of thousands of infected computers that were used to steal login credentials, send bulk spam emails, and infect computers with ransomware and other malware.

Russian Hacker Infects 50,000 Computers With Kelihos Botnet

The Storm and Waledac botnets shared code with Kelihos, but Kelihos was the most notorious of the three, alone infecting more than 50,000 computers worldwide.

“Levashov controlled and operated multiple botnets, including the Storm, Waledac and Kelihos botnets, to harvest personal information and means of identification (including email addresses, usernames and logins, and passwords) from infected computers,” the DoJ said in a press release.

All the three botnets reportedly generated hundreds of millions of dollars for cybercriminals.

As The Hacker News has previously reported, Levashov has also been listed in the World’s Top 10 Worst Spammers maintained by anti-spam group Spamhaus, which gave him the 7th position in the list, at that time.

Although it was initially speculated that Levashov was involved in the 2016 U.S. election hacking, the DoJ indictment unsealed last year after his arrest in Spain made clear that he was arrested for his involvement in the Kelihos botnet and for pump-and-dump spam campaigns pressuring recipients into buying worthless stock.

Levashov was arrested in Barcelona in 2017 where he was vacationing with his family after an international arrest warrant was issued against him by the United States. Right after his arrest, the Kelihos botnet was shut down by the federal authorities.

While Russia filed an extradition request in September last year, Spanish authorities extradited Levashov on the United States’ request in February 2018.

Since Levashov had previously worked for Vladimir Putin’s United Russia Party for ten years, at the time of his arrest he feared that U.S. authorities would torture him for information about his political work if he were extradited to the U.S. to face charges.

Levashov on Wednesday pleaded guilty in U.S. District Court in Hartford, Connecticut, to a total of four counts, as follows:

  • 1 count of causing intentional damage to a protected computer
  • 1 count of conspiracy
  • 1 count of aggravated identity theft
  • 1 count of wire fraud

Levashov is due to be sentenced on September 6, 2019, and will remain in custody until this date.


New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs


Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption.

The attack is a new variation of the traditional cold boot attack, known since 2008, which lets attackers recover information that briefly remains in memory (RAM) after a computer is powered off.

To blunt cold boot attacks, most modern computers implement a safeguard specified by the Trusted Computing Group (TCG), the Memory Overwrite Request (MOR) setting, which makes the firmware overwrite the contents of RAM when power is restored, preventing the data from being read.

Now, researchers from Finnish cyber-security firm F-Secure have found a way to disable this overwrite by physically manipulating the computer’s firmware settings, potentially allowing attackers to recover sensitive data from memory after a cold reboot in a matter of minutes.

“Cold boot attacks are a known method of obtaining encryption keys from devices. But the reality is that attackers can get their hands on all kinds of information using these attacks. Passwords, credentials to corporate networks, and any data stored on the machine are at risk,” the security firm warns in a blog post published today.

Video Demonstration of the New Cold Boot Attack

Using a simple tool, the researchers rewrote the non-volatile memory chip that holds the memory-overwrite setting, disabled the overwrite, and enabled booting from external devices, from which a memory-dumping tool can then be loaded. The researchers also published a video demonstration of the attack.

Like the traditional cold boot attack, the new attack also requires physical access to the target device as well as right tools to recover remaining data in the computer’s memory.

“It’s not exactly easy to do, but it is not a hard enough issue to find and exploit for us to ignore the probability that some attackers have already figured this out,” says F-Secure principal security consultant Olle Segerdahl, one of the two researchers.

“It’s not exactly the kind of thing that attackers looking for easy targets will use. But it is the kind of thing that attackers looking for bigger phish, like a bank or large enterprise, will know how to use.”

How Microsoft Windows and Apple Users Can Prevent Cold Boot Attacks


According to Segerdahl and his colleague Pasi Saarinen, the new technique is believed to be effective against nearly all modern computers, including Apple Macs, and can’t be patched easily or quickly.

The two researchers, who will present their findings today at a security conference, say they have already shared their findings with Microsoft, Intel, and Apple, and helped them explore possible mitigation strategies.

Microsoft updated its guidance on Bitlocker countermeasures in response to the F-Secure’s findings, while Apple said that its Mac devices equipped with an Apple T2 Chip contain security measures designed to protect its users against this attack.

But for Mac computers without the latest T2 chip, Apple recommended users to set a firmware password in order to help harden the security of their computers.

Intel has yet to comment on the matter.

The duo says there’s no reliable way to “prevent or block the cold boot attack once an attacker with the right know-how gets their hands on a laptop,” but suggest the companies can configure their devices so that attackers using cold boot attacks won’t find anything fruitful to steal.

Meanwhile, the duo recommends IT departments to configure all company computers to either shut down or hibernate (not enter sleep mode) and require users to enter their BitLocker PIN whenever they power up or restore their PCs.

Attackers could still perform a successful cold boot attack against computers configured like this, but since the encryption keys are not stored in the memory when a machine hibernates or shuts down, there will be no valuable information for an attacker to steal.
