Credit: F-Secure
This vulnerability is particularly worrisome for organizations that regularly handle sensitive information, such as banks or government agencies, because the information gathered from a compromised laptop could let hackers work their way into other systems...
Because the attack requires physical access, it's also hard to know if someone has already discovered and used it. F-Secure characterized the attack as something that a low-level hacker might not discover but that anyone interested in corporate espionage or the like would be very interested in. Organizations have to decide if they want to proceed as if they were affected, which could be costly, or if they'll ignore the issue.
F-Secure advised concerned organizations to require BitLocker PIN entry when a laptop powers up or restarts, to make sure employees force laptops to shut down or hibernate instead of going into sleep mode, and to keep laptops safe and have a plan for when they go missing. Aside from those steps, however, it's up to the laptop industry to make sure its products aren't susceptible to this modified attack.
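One way to check and apply the first two recommendations on a single Windows laptop, as an added example that is not from F-Secure or the original article. It assumes an elevated PowerShell session and that the BitLocker-protected OS volume is `$env:SystemDrive`; the function names and the 15-minute hibernate timeout are illustrative choices.

```powershell
#Requires -RunAsAdministrator
# Added example (constructed): audit the pre-boot PIN and prefer hibernate over sleep.
# Assumption: the BitLocker-protected OS volume is $env:SystemDrive.

function Test-PreBootPin {
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $hasPin  = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
    # A leftover TPM-only protector unlocks the volume with no PIN prompt.
    $tpmOnly = $types -contains 'Tpm'
    [pscustomobject]@{
        MountPoint   = $MountPoint
        ProtectionOn = "$($vol.ProtectionStatus)" -eq 'On'
        Protectors   = $types -join ', '
        PinEnforced  = $hasPin -and -not $tpmOnly
    }
}

function Set-HibernateInsteadOfSleep {
    powercfg /hibernate on
    foreach ($mode in '/setacvalueindex', '/setdcvalueindex') {
        # Value 2 = hibernate, for lid close, power button and sleep button.
        foreach ($button in 'LIDACTION', 'PBUTTONACTION', 'SBUTTONACTION') {
            powercfg $mode SCHEME_CURRENT SUB_BUTTONS $button 2
        }
        # 0 = never idle into sleep; hibernate after 900 s idle (example value).
        powercfg $mode SCHEME_CURRENT SUB_SLEEP STANDBYIDLE 0
        powercfg $mode SCHEME_CURRENT SUB_SLEEP HIBERNATEIDLE 900
    }
    powercfg /setactive SCHEME_CURRENT   # re-apply the scheme so the changes take effect
}

$report = Test-PreBootPin
$report | Format-List
if (-not $report.PinEnforced) {
    Write-Warning "No PIN at pre-boot on $($report.MountPoint); add a TPM+PIN protector."
}
Set-HibernateInsteadOfSleep
```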