With digital hacking incidents on the rise, many IT professionals have lost focus on the tried-and-true method of attacking physical security. Criminals know security professionals put most of their eggs in the cyber basket and will often resort to the old-fashioned break-and-enter attack from inside.
Recently, a flaw was detected in Intel chips that could allow someone with physical access to a PC to extract its chipset key, essentially a master password that could unlock the rest of the system. Intel acknowledged that many of the firmware in its chips are vulnerable to physical attacks and recommended that users “maintain physical possession of their platform.” According to researchers at Positive Technologies, who disclosed it on Thursday, the flaws cannot be fixed even with mitigations, and that the only way to fully prevent an attack is to replace the CPU with a new one whose chipset key cannot be extracted.
What Should You Do?
There are some everyday policies you can implement/enforce to safeguard your systems from everyday physical hacks:
- Implement a visitors policy – Access control with swipe-card-access or ID doors is essential for business security, but you should also ensure that all visitors are accounted for by supplying them with visitor passes. Visitors should need to check in and then be escorted to whom they are meeting with.
- Be aware of those around you to avoid tailgating.
- Be mindful of remote equipment. When traveling anywhere, be sure to guard devices and keep then locked when not using. Enable two-factor authentication, avoid public wi-fi, leave bluetooth disabled.
