A weakness in modern computers allows attackers to steal encryption keys and other sensitive information, according to the latest discovery by cybersecurity firm F-Secure. Researchers from the firm are warning PC vendors and users that current security measures are not sufficient to protect data in lost or stolen laptops. Attackers do need physical access to the computer to carry out the exploit, however, F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes. From the report: “The weakness allows attackers with physical access to a computer to perform a cold boot attack—an attack that’s been known to hackers since 2008. Cold boot attacks involve rebooting a computer without following a proper shutdown process, then recovering data that remains briefly accessible in the RAM after the power is lost. Modern laptops now overwrite RAM specifically to prevent attackers from using cold boot attacks to steal data. However, Segerdahl and his team discovered a way to disable the overwrite process and re-enable the decade-old cold boot attack.”

Plan ahead: “A quick response that invalidates access credentials will make stolen laptops less valuable to attackers. IT security and incident response teams should rehearse this scenario and make sure that the company’s workforce knows to notify IT immediately if a device is lost or stolen,” says Olle. “Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that’s obviously not the case.”