In terms of vulnerabilities disclosed in 2018, Meltdown and Spectre is comfortably the most dangerous, simply because the CPU flaws affect almost all machines. Security company F-Secure has now disclosed another widespread vulnerability, which it says could affect every PC in Sleep Mode.
Whether it’s a Meltdown and Spectre-level problem is arguable, but it is certainly a concerning development. Hackers could exploit the vulnerability to gain access encrypted hard-disks when a PC in sleep mode. With access, the bad actors could steal data from the storage.
The flaw lies within firmware located on “most modern computers” which leave encryption keys open to attackers.
Cold boot attacks could be used to enter a hard disk and steal its data. Researchers say the problem is found on all vendors, from Dell and Lenovo on Windows, to Apple Mac.
F-Secure describes the vulnerability in its disclosure notes:
“(Researchers) figured out a way to disable this overwrite feature by physically manipulating the computer’s hardware. Using a simple tool, Olle and Pasi learned how to rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. Cold boot attacks can then be carried out by booting a special program off a USB stick.”
While it could potentially leave any PC open to having its data stolen, this problem is not as dangerous as something like Meltdown and Spectre. While similarly potentially widespread, there is one key difference. This problem requires the attacker to have local access. In other words, the bad actor would need direct access to the PC they wish to exploit.
Nevertheless, F-Secure has informed major vendors including Dell, Apple, and Lenovo, while it has also told Microsoft. Apple says its MacBooks with T2 chips are not affected by this flaw. For the time being, the security researcher recommends users don’t put their PC in sleep mode.