A new exploitation discovered by F-Secure is said to put "almost all" Mac and Windows laptops and desktops at risk for computer theft. Vulnerability allows even Macs with FileVault to be turned on susceptible.
Whoosh! Screen Cleaner
As reported by TechCrunch firmware utilization has to do with how almost all Mac and Windows machines overwrite data when they are turned off. This exploitation is based on a cold boot attack, where hackers are working to steal data from a computer that is turned off.
F-Secures Olle Segerdahl and Pasi Saarinen discovered the vulnerability that overwrites the ability to turn off data. In particular, a malicious party would have physical possession of a computer to exploit this error.
"It takes a little extra step," Segerdahl said, but the error is "easy to exploit." So much said he would "very much surprise" him if this technique is not already known by any hacker groups.
Segerdahl also discovered that in most cases it was possible to steal data even though the Mac had the FileVault encryption feature turned on.
After researchers found out how the memory overwriting process works, they said it took only a few hours to build a proof of concept tool that prevented the firm from clearing secrets from memory. From there, the researchers scanned for disk encryption keys that, when they were achieved, could be used to mount the protected volume.
The researchers shared their earlier discovery with Apple, Microsoft and Intel. Macs with the new T2 chip are immune from the error, which includes iMac Pro and 2018 MacBook Pros.
"Apple said it was looking for measures to protect Macs that do not come with the T2 chip." Meanwhile, Intel did not respond to TechCrunch on the case.
Check out 9to5Mac on YouTube for more Apple News: