H L Data Storage Store Banner 970x90
Breaking News

Seagate releases New Enterprise-Class 5550 /5350 Nytro SSDs SK hynix Develops World’s Highest 238-Layer 4D NAND Flash Samsung Electronics Unveils Far-Reaching, Next-Generation Memory Solutions at Flash Memory Summit 2022 ATP Introduces High-Endurance M.2 2230 SSDs Packed with Customizable Security Features Kioxia Launches Second Generation of High-Performance, Cost-Effective XL-FLASH™ Storage Class Memory Solution

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

PC components May 11,2020 0

A Thunderbolt flaw could let hackers steal your data within minutes, and grab encrypted data even if you lock your PC.

Researchers from Eindhoven University of Technology last February reached out to Intel with a report on Thunderbolt, which they refer to as “Thunderspy”.

In the report, they discussed issues related to invasive physical attacks on Thunderbolt hosts and devices. While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled.

Attackers could steal data from Thunderbolt-equipped PCs or Linux computers, even if the computer is locked and the data encrypted, according to security researcher Björn Ruytenberg. Using a simple technique called “Thunderspy,” someone with physical access to your machine could nab your data in just five minutes with a screwdriver and “easily portable hardware,” he wrote.

Thunderbolt is giving devices direct access to your PC’s memory, which also creates a number of vulnerabilities. Ruytenberg’s attack method is changing the firmware that controls the Thunderbolt port, allowing any device to access it.

The attack requires about $400 worth of gear, including an SPI programmer and $200 Thunderbolt peripheral.

In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.

However, that protection is only available on computers made in 2019 and later.

Obviously, a tiny percentage of users would ever be attacked in this way. This is not an over-the-air malware attack, with code planted on your machine through a malicious email attachment. This is a targeted and high-risk attack, your physical machine needs to be accessible and there needs to be a serious reason for an attacker to want to pull your data.

Intel suggests users should check with their system manufacturers to determine if their system has these mitigations incorporated. For all systems, Intel recommends following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.

To protect yourself, you should “avoid leaving your system unattended while powered on, even if screenlocked,” Ruytenberg says, avoid using sleep mode and ensure the physical security of your Thunderbolt peripherals.

Tags: ThunderboltCybersecurityThunderbolt 3
Previous Post
Chinese Chip Maker UNISOC Upgrades its Tablet Chipset Portfolio, Brings 85Hz E-ink Displays to Smartphones
Next Post
Sony, ANA to Develop Remotely Controlled Avatar Robots

Related Posts

  • Intel’s Thunderbolt Tech Turns 10

  • Promise PegasusPro revolutionizes DAS and NAS over Thunderbolt

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

  • Malwarebytes Introduces VPN Service

  • Google Says State-backed Hackers Use Coronavirus For Phishing Attacks

  • Apple to Patch Serious iOS Vulnerability

  • Apple is The Most Imitated Brand For Phishing in Q1 2020

  • Microsoft Shares Threat Intelligence During Global Crisis

H L Data Storage Store Banner 300x600

 

Latest News

Seagate releases New Enterprise-Class 5550 /5350 Nytro SSDs
Enterprise & IT

Seagate releases New Enterprise-Class 5550 /5350 Nytro SSDs

SK hynix Develops World’s Highest 238-Layer 4D NAND Flash
Enterprise & IT

SK hynix Develops World’s Highest 238-Layer 4D NAND Flash

Samsung Electronics Unveils Far-Reaching, Next-Generation Memory Solutions at Flash Memory Summit 2022
Enterprise & IT

Samsung Electronics Unveils Far-Reaching, Next-Generation Memory Solutions at Flash Memory Summit 2022

ATP Introduces High-Endurance M.2 2230 SSDs Packed with Customizable Security Features
Enterprise & IT

ATP Introduces High-Endurance M.2 2230 SSDs Packed with Customizable Security Features

Kioxia Launches Second Generation of High-Performance, Cost-Effective XL-FLASH™ Storage Class Memory Solution
Enterprise & IT

Kioxia Launches Second Generation of High-Performance, Cost-Effective XL-FLASH™ Storage Class Memory Solution

Popular Reviews

CeBIT 2005

CeBIT 2005

CeBIT 2006

CeBIT 2006

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

External USB Slim Recorders Comparison

External USB Slim Recorders Comparison

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed