Breaking News

Time to Walk: An inspiring audio walking experience comes to Apple Fitness+ Galaxy Tab S7 & S7+ Users Can Enjoy More Streamlined Galaxy Ecosystem Experiences with One UI 3 Update, Starting Today IIYAMA INTRODUCES TWO NEW G-MASTERS RED EAGLE #MONITORS4GAMERS: A 24’’ GB2470HSU AND A 27’’ GB2770HSU Samsung Display to Introduce First 90Hz OLED Laptop Display addlink launch P20 Portable SSD speed of up to 1050MB/s

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

PC components May 11,2020 0

A Thunderbolt flaw could let hackers steal your data within minutes, and grab encrypted data even if you lock your PC.

Researchers from Eindhoven University of Technology last February reached out to Intel with a report on Thunderbolt, which they refer to as “Thunderspy”.

In the report, they discussed issues related to invasive physical attacks on Thunderbolt hosts and devices. While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled.

Attackers could steal data from Thunderbolt-equipped PCs or Linux computers, even if the computer is locked and the data encrypted, according to security researcher Björn Ruytenberg. Using a simple technique called “Thunderspy,” someone with physical access to your machine could nab your data in just five minutes with a screwdriver and “easily portable hardware,” he wrote.

Thunderbolt is giving devices direct access to your PC’s memory, which also creates a number of vulnerabilities. Ruytenberg’s attack method is changing the firmware that controls the Thunderbolt port, allowing any device to access it.

The attack requires about $400 worth of gear, including an SPI programmer and $200 Thunderbolt peripheral.

In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.

However, that protection is only available on computers made in 2019 and later.

Obviously, a tiny percentage of users would ever be attacked in this way. This is not an over-the-air malware attack, with code planted on your machine through a malicious email attachment. This is a targeted and high-risk attack, your physical machine needs to be accessible and there needs to be a serious reason for an attacker to want to pull your data.

Intel suggests users should check with their system manufacturers to determine if their system has these mitigations incorporated. For all systems, Intel recommends following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.

To protect yourself, you should “avoid leaving your system unattended while powered on, even if screenlocked,” Ruytenberg says, avoid using sleep mode and ensure the physical security of your Thunderbolt peripherals.

Tags: ThunderboltCybersecurityThunderbolt 3
Previous Post
Chinese Chip Maker UNISOC Upgrades its Tablet Chipset Portfolio, Brings 85Hz E-ink Displays to Smartphones
Next Post
Sony, ANA to Develop Remotely Controlled Avatar Robots

Related Posts

  • Promise PegasusPro revolutionizes DAS and NAS over Thunderbolt

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

  • Apple is The Most Imitated Brand For Phishing in Q1 2020

  • Microsoft Shares Threat Intelligence During Global Crisis

  • Avast Launches New Mobile Browser With Complete Data Encryption

Latest News

Time to Walk: An inspiring audio walking experience comes to Apple Fitness+
Consumer Electronics

Time to Walk: An inspiring audio walking experience comes to Apple Fitness+

Galaxy Tab S7 & S7+ Users Can Enjoy More Streamlined Galaxy Ecosystem Experiences with One UI 3 Update, Starting Today
Consumer Electronics

Galaxy Tab S7 & S7+ Users Can Enjoy More Streamlined Galaxy Ecosystem Experiences with One UI 3 Update, Starting Today

IIYAMA INTRODUCES TWO NEW G-MASTERS RED EAGLE #MONITORS4GAMERS: A 24’’ GB2470HSU AND A 27’’ GB2770HSU
PC components

IIYAMA INTRODUCES TWO NEW G-MASTERS RED EAGLE #MONITORS4GAMERS: A 24’’ GB2470HSU AND A 27’’ GB2770HSU

Samsung Display to Introduce First 90Hz OLED Laptop Display
Enterprise & IT

Samsung Display to Introduce First 90Hz OLED Laptop Display

addlink launch P20 Portable SSD speed of up to 1050MB/s
PC components

addlink launch P20 Portable SSD speed of up to 1050MB/s

Popular Reviews

CeBIT 2005

CeBIT 2005

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

CeBIT 2006

CeBIT 2006

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Hitachi DZ-MV100A DVD Camcorder

Hitachi DZ-MV100A DVD Camcorder

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed