Penetration Testing | Pen Testing | CESG Check
Stolen Laptop Case Study
A large independent clearing house were reviewing the security of their laptops and considering various security and encryption options. Due to an on-going relationship ProCheckUp had a few conversations to discuss their options. As there were various options we both decided a Stolen Laptop Test would be of interest, the brief was simple, what can be done if one of our laptops was stolen or got into the "wrong hands".
The laptop was from a senior employee so the stakes were high, all the security consultants wanted to try different methods, whilst most failed ProCheckUp were able to:
- Access the BIOS of the laptop which meant it was theoretically possible to boot the laptop from another device such as a USB drive, this was an easy fix for the clearing house and their security policy now enforces a BIOS password.
- We also discovered that the laptop allowed a malicious user to access the local drive which contained sensitive files and hashes, it was possible to disable critical applications such as anti-virus's and firewalls. We knew there were plans to implement encryption so this vulnerability was confirmed the requirement. Encryption is now installed on all company laptops as standard.
Contact us to discuss your specific laptop testing needs.