Experts Warn Current Security Measures Not Enough to Protect Data in Lost or Stolen Laptops | GBAF

Experts Warn Current Security Measures Not Enough to Protect Data in Lost or Stolen Laptops | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > Firmware weakness in modern laptops exposes encryption keys

Firmware weakness in modern laptops exposes encryption keys

Published by Gbaf News

Posted on September 15, 2018

8 min read

Last updated: January 21, 2026

Customer engaging with digital shopping platform amidst retail changes - Global Banking & Finance Review — This image illustrates a customer navigating a digital shopping platform, reflecting the evolving retail landscape. As consumer behaviors shift due to economic pressures, enhancing customer experience becomes vital for retailers.

Experts say current security measures not enough to protect data in lost or stolen laptops

Consultants from cyber security provider F-Secure have discovered a weakness in modern computers that attackers can use to steal encryption keys and other sensitive information.

The discovery has compelled the researchers to warn PC vendors and users that current security measures aren’t enough to protect data in lost or stolen laptops.

Attackers need physical access to the computer before they can exploit the weakness. But F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes.

“Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer. And when you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully aware of or prepared to deal with,” said Segerdahl.

The weakness allows attackers with physical access to a computer to perform a cold boot attack – an attack that’s been known to hackers since 2008. Cold boot attacks involve rebooting a computer without following a proper shutdown process, then recovering data that remains briefly accessible in the RAM after the power is lost.

Modern laptops now overwrite RAM specifically to prevent attackers from using cold boot attacks to steal data. However, Segerdahl and his team discovered a way to disable the overwrite process and re-enable the decade-old cold boot attack.

“It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops we’ve tested. And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it’s the kind of thing an attacker will have plenty of time to execute,” explained Segerdahl.

The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker. Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.

“Because this attack works against the kind of laptops used by companies there’s no reliable way for organizations to know their data is safe if a computer goes missing. And since 99 percent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets,” said Segerdahl. “There’s no easy fix for this issue either, so it’s a risk that companies are going to have to address on their own.”

Segerdahl has shared his team’s research with Intel, Microsoft and Apple to help tes attackers a consistent, reliable way to compromise corporate targets,” said Segerdahl. “There’s no easy fix for this issue either, so it’s a risk that companies are going to have to address on their own.”he PC industry improve the security of current and future products.

Because Segerdahl doesn’t expect an immediate fix from the industry anytime soon, he recommends companies prepare themselves for these attacks. One way is to configure laptops to automatically shut down/hibernate instead of enter sleep mode and require users to enter the Bitlocker PIN anytime Windows boots up or restores. Educating workers, especially executives and employees who travel, about cold boot attacks and similar threats is also important. And IT departments should have an incident response plan ready to deal with laptops that go missing.

“A quick response that invalidates access credentials will make stolen laptops less valuable to attackers. IT security and incident response teams should rehearse this scenario and make sure that the company’s workforce knows to notify IT immediately if a device is lost or stolen,” advises Segerdahl. “Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case.”

Segerdahl and his associate, F-Secure Security Consultant Pasi Saarinen, are scheduled to present the research at the SEC-T conference in Sweden on September 13, and again at Microsoft’s BlueHat v18 conference in the United States on September 27.

Experts say current security measures not enough to protect data in lost or stolen laptops

Consultants from cyber security provider F-Secure have discovered a weakness in modern computers that attackers can use to steal encryption keys and other sensitive information.

The discovery has compelled the researchers to warn PC vendors and users that current security measures aren’t enough to protect data in lost or stolen laptops.

Attackers need physical access to the computer before they can exploit the weakness. But F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes.

“Typically, organizations aren’t prepared to protect themselves from an attacker that has physical possession of a company computer. And when you have a security issue found in devices from major PC vendors, like the weakness my team has learned to exploit, you need to assume that a lot of companies have a weak link in their security that they’re not fully aware of or prepared to deal with,” said Segerdahl.

The weakness allows attackers with physical access to a computer to perform a cold boot attack – an attack that’s been known to hackers since 2008. Cold boot attacks involve rebooting a computer without following a proper shutdown process, then recovering data that remains briefly accessible in the RAM after the power is lost.

Modern laptops now overwrite RAM specifically to prevent attackers from using cold boot attacks to steal data. However, Segerdahl and his team discovered a way to disable the overwrite process and re-enable the decade-old cold boot attack.

“It takes some extra steps compared to the classic cold boot attack, but it’s effective against all the modern laptops we’ve tested. And since this type of threat is primarily relevant in scenarios where devices are stolen or illicitly obtained, it’s the kind of thing an attacker will have plenty of time to execute,” explained Segerdahl.

The attack exploits the fact that the firmware settings governing the behavior of the boot process are not protected against manipulation by a physical attacker. Using a simple hardware tool, an attacker can rewrite the non-volatile memory chip that contains these settings, disable memory overwriting, and enable booting from external devices. The cold boot attack can then be carried out by booting a special program off a USB stick.

“Because this attack works against the kind of laptops used by companies there’s no reliable way for organizations to know their data is safe if a computer goes missing. And since 99 percent of company laptops will contain things like access credentials for corporate networks, it gives attackers a consistent, reliable way to compromise corporate targets,” said Segerdahl. “There’s no easy fix for this issue either, so it’s a risk that companies are going to have to address on their own.”

Segerdahl has shared his team’s research with Intel, Microsoft and Apple to help tes attackers a consistent, reliable way to compromise corporate targets,” said Segerdahl. “There’s no easy fix for this issue either, so it’s a risk that companies are going to have to address on their own.”he PC industry improve the security of current and future products.

Because Segerdahl doesn’t expect an immediate fix from the industry anytime soon, he recommends companies prepare themselves for these attacks. One way is to configure laptops to automatically shut down/hibernate instead of enter sleep mode and require users to enter the Bitlocker PIN anytime Windows boots up or restores. Educating workers, especially executives and employees who travel, about cold boot attacks and similar threats is also important. And IT departments should have an incident response plan ready to deal with laptops that go missing.

“A quick response that invalidates access credentials will make stolen laptops less valuable to attackers. IT security and incident response teams should rehearse this scenario and make sure that the company’s workforce knows to notify IT immediately if a device is lost or stolen,” advises Segerdahl. “Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case.”

Segerdahl and his associate, F-Secure Security Consultant Pasi Saarinen, are scheduled to present the research at the SEC-T conference in Sweden on September 13, and again at Microsoft’s BlueHat v18 conference in the United States on September 27.