Breaking News

ASUS Republic of Gamers Announces ROG Phone 7 Lenovo introduces Lenovo LOQ Gaming, Slim line Laptops and Tower PC for New Gamers Amazon Fire TV Surpasses 200 Million Fire TV Devices Sold Globally, Expands Amazon-Built TV Lineup, and Brings its Smart TV to More Countries Supercharge with Gen 5! MSI launches next Gen SSD - SPATIUM M570 HS COLORFUL Announces Battle-Ax Redline DDR5 and DDR4 Gaming Memory

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

PC components May 11,2020 0

A Thunderbolt flaw could let hackers steal your data within minutes, and grab encrypted data even if you lock your PC.

Researchers from Eindhoven University of Technology last February reached out to Intel with a report on Thunderbolt, which they refer to as “Thunderspy”.

In the report, they discussed issues related to invasive physical attacks on Thunderbolt hosts and devices. While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled.

Attackers could steal data from Thunderbolt-equipped PCs or Linux computers, even if the computer is locked and the data encrypted, according to security researcher Björn Ruytenberg. Using a simple technique called “Thunderspy,” someone with physical access to your machine could nab your data in just five minutes with a screwdriver and “easily portable hardware,” he wrote.

Thunderbolt is giving devices direct access to your PC’s memory, which also creates a number of vulnerabilities. Ruytenberg’s attack method is changing the firmware that controls the Thunderbolt port, allowing any device to access it.

The attack requires about $400 worth of gear, including an SPI programmer and $200 Thunderbolt peripheral.

In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.

However, that protection is only available on computers made in 2019 and later.

Obviously, a tiny percentage of users would ever be attacked in this way. This is not an over-the-air malware attack, with code planted on your machine through a malicious email attachment. This is a targeted and high-risk attack, your physical machine needs to be accessible and there needs to be a serious reason for an attacker to want to pull your data.

Intel suggests users should check with their system manufacturers to determine if their system has these mitigations incorporated. For all systems, Intel recommends following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.

To protect yourself, you should “avoid leaving your system unattended while powered on, even if screenlocked,” Ruytenberg says, avoid using sleep mode and ensure the physical security of your Thunderbolt peripherals.

Tags: ThunderboltCybersecurityThunderbolt 3
Previous Post
Chinese Chip Maker UNISOC Upgrades its Tablet Chipset Portfolio, Brings 85Hz E-ink Displays to Smartphones
Next Post
Sony, ANA to Develop Remotely Controlled Avatar Robots

Related Posts

  • Intel Leads Industry with Next-Generation Thunderbolt

  • Intel’s Thunderbolt Tech Turns 10

  • Promise PegasusPro revolutionizes DAS and NAS over Thunderbolt

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

  • Apple is The Most Imitated Brand For Phishing in Q1 2020

Latest News

ASUS Republic of Gamers Announces ROG Phone 7
Smartphones

ASUS Republic of Gamers Announces ROG Phone 7

Lenovo introduces Lenovo LOQ Gaming, Slim line Laptops and Tower PC for New Gamers
Gaming

Lenovo introduces Lenovo LOQ Gaming, Slim line Laptops and Tower PC for New Gamers

Amazon Fire TV Surpasses 200 Million Fire TV Devices Sold Globally, Expands Amazon-Built TV Lineup, and Brings its Smart TV to More Countries
Consumer Electronics

Amazon Fire TV Surpasses 200 Million Fire TV Devices Sold Globally, Expands Amazon-Built TV Lineup, and Brings its Smart TV to More Countries

Supercharge with Gen 5! MSI launches next Gen SSD - SPATIUM M570 HS
PC components

Supercharge with Gen 5! MSI launches next Gen SSD - SPATIUM M570 HS

COLORFUL Announces Battle-Ax Redline DDR5 and DDR4 Gaming Memory
PC components

COLORFUL Announces Battle-Ax Redline DDR5 and DDR4 Gaming Memory

Popular Reviews

Withings Thermo Wi-Fi-connected temporal thermometer

Withings Thermo Wi-Fi-connected temporal thermometer

Withings Body Plus Scale

Withings Body Plus Scale

Withings Sleep Analyzer

Withings Sleep Analyzer

EnGenius ECW230 Access Point

EnGenius ECW230 Access Point

Pioneer BDR-S13U-X Blu-Ray Recorder

Pioneer BDR-S13U-X Blu-Ray Recorder

EnGenius ECW230S AP

EnGenius ECW230S AP

Noctua NH-D12L CPU Cooler

Noctua NH-D12L CPU Cooler

be quiet! Pure Rock 2 FX

be quiet! Pure Rock 2 FX

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed