Hackers can exploit Safe mode in Windows to launch security attacks

Ivan Jenic By: Ivan Jenic
2 minute read

Home » Hackers can exploit Safe mode in Windows to launch security attacks

When you think of Safe Mode, your first association is reduced risk from malicious attack for your computer. As Safe Mode runs only essential, first party programs in Windows, it is often used for fixing various security and other system problems.

However, there’s one contradiction. Although Safe Mode’s purpose is to provide a risk-free environment, it can actually leave your computer in danger if a hacker takes a full advantage out of it. According to researchers at CyberArk Labs, while not running the majority of programs is actually good for your security, it can also be very bad at the same time.

If an attacker has remote access to a user’s computer, he can boot into Safe Mode and launch an attack. Since all potential security programs and antiviruses are turned off, there would be nothing to stop a malicious software.

“Sure, the attacker can arbitrarily force a restart, but this will likely look suspicious to the user and prompt a phone call to the IT team,” says CyberArk researcher Doron Naim writing on the company’s blog. “Instead, to stay under the radar, the attacker can also either wait until the next restart or show the victim an ‘update’ window with a message that says the PC must be rebooted. This ‘update’ window can purposely be designed to look like a legitimate Windows pop-up”.

Once attackers are in Safe Mode, they can easily capture important user data like credentials and even execute pass-the-hash attacks to break into other computers on the same network.

Although completely removing this risk is almost impossible, there are some security measures recommended for enterprises. Admins can remove administrator privileges from normal users so that attackers are not able to switch from Normal to Safe mode, rotate privileged credentials, make security tools available in Safe Mode, and continuously monitor any suspicious activity that involves PCs booting into Safe Mode.

RELATED STORIES YOU NEED TO CHECK OUT:

Discussions

Next up

Happy broadcasting with these 4 live streaming software for Twitch

Madhuparna Sukul avatar. By: Madhuparna Sukul
Less than a 1 minute read

Live streaming is the hottest trend and a powerful streaming software makes the entire process a lot easier. A streaming software primarily helps you with […]

Continue Reading

How to fix common Camtasia errors on Windows 10

Matthew Adams By: Matthew Adams
7 minute read

In this guide, you’ll learn how to fix the following Camtasia errors: Error Code: (5) Setup Error Error 1720, 1721, or 1723 Problem With Your […]

Continue Reading

6 best CD and DVD encryption software for Windows 7, 10 PCs

Daniel Segun By: Daniel Segun
Less than a 1 minute read

From the tail end of the 20th century, up to about a decade ago, CDs and DVDs constitute the major options for media storage. Today, […]

Continue Reading