Thunderbolt Ports Flaw At Risk From Thunderspy

Forum Moderators: open

Message Too Old, No Replies

Thunderbolt Ports Flaw At Risk From Thunderspy

engine

11:56 am on May 11, 2020 (gmt 0)

Thunderspy is the latest unpatched security risk where computers with a Thunderbolt port could allow an attacker with brief physical access to read and copy all your data, even if a drive is encrypted and the computer is locked or set to sleep.

We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios how these could be exploited by a malicious entity to get access to your system, past the defenses that Intel had set up for your protection.

[thunderspy.io...]

The key thing here is that physical access is required, which should help limit the potential attack, but, even so, it's nasty.

iamlost

3:13 pm on May 11, 2020 (gmt 0)

From above linked article:

All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.
[ :) ! ]

From Intel’s response [blogs.intel.com]:

In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.

For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.