Most modern computers can be hacked in five minutes, but for this hackers need physical access to the device.
According to F-Secure, the new exploit is built on the foundations of a traditional cold boot attack, a technique that is well known in the hacking community. Modern computers overwrite their memory when a device is powered down to scramble the data from being read. But a way was found to disable the overwriting process, making a cold boot attack possible again, TC reported.
After the researchers figured out how the memory overwriting process works, they said it took just a few hours to build a proof-of-concept tool that prevented the firmware from clearing secrets from memory. From there, the researchers scanned for disk encryption keys, which, when obtained, could be used to mount the protected volume.
It’s not just disk encryption keys at risk, Segerdahl said. A successful attacker can steal “anything that happens to be in memory,” like passwords and corporate network credentials, which can lead to a deeper compromise.
The findings were shared with Microsoft, Apple, and Intel.