Thunderspy: New Thunderbolt Vulnerabilities Allow Access to Computer Data




Thunderbolt is affected by a new flaw, called Thunderspy, that makes it possible to recover all data from a machine, provided the attacker has physical access to it. Intel plays down the discovery, pointing to security mechanisms already in place. But it's not that simple.

A little over a year ago, Thunderbolt 3's Thunderclap flaw was the talk of the town. Today, Björn Ruytenberg of the University of Eindhoven returns to the forefront with Thunderspy, detailed in a scientific publication. It has, of course, its own dedicated website.

Its consequences can be serious, according to the researcher: “If your computer has a Thunderbolt port, an attacker who physically accesses it [and has a screwdriver to partially dismantle it] can read and copy all your data, even if your storage device is encrypted and your computer is locked or in standby. Thunderspy is stealthy, which means you won't find any trace of the attack.”

Nine attacks on Windows and Linux, macOS partially affected.


The researcher and other experts at his university drive the point home: “We found seven vulnerabilities in Intel's design and developed nine actionable scenarios on how they could be exploited by a malicious entity to access your system.”

Windows and Linux machines are vulnerable to all nine attacks, while macOS machines are only partially affected by two of them.

In practice, it is necessary to be able to open the back cover of the laptop in order to flash the firmware of the Thunderbolt controller (a toolbox has been put online). This operation wouldn’t take more than five minutes. In addition to disabling Thunderbolt’s security, it also blocks future firmware updates.

Open source software is available on GitHub to check whether your machine (Windows or Linux) is vulnerable to Thunderspy. An explanatory video has also been published.

For Intel: move along, nothing to see here.


According to Intel, there is (almost) nothing new in this story: “Although the underlying vulnerability is not new and has already been fixed in versions of operating systems released last year, the researchers demonstrated new potential attack vectors using a customized device on systems that did not have these mitigation measures activated.”

According to the American giant, the protections put in place in the Linux 5.x kernel, macOS 10.12.4 and Windows 10 version 1803 would be enough to protect against Thunderspy. It added that “researchers have not demonstrated successful attacks on systems with these mitigations activated.”

Not according to researchers.


But according to Wired, things are not that simple: “This Kernel DMA protection is missing in all computers manufactured before 2019, and it is still not a standard today.” This certainly does not contradict Intel's statement, but it adds a very important nuance: many machines would be vulnerable.

Our colleagues add that the researchers reportedly did not find “any Dell machine with Kernel DMA protection, including 2019 and newer ones, and they could only identify a few 2019 HP and Lenovo models or newer ones using it.”
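On Linux, the kernel reports each Thunderbolt controller's Security Level and whether IOMMU-based DMA protection is active through sysfs. The following is an added example, not code from the article or from the researchers' checker: it reads those two attributes for every Thunderbolt domain. The `root` parameter and the `build_sample_tree` helper are assumptions for illustration, and the sample tree is constructed data.

```python
import os
import tempfile

SYSFS = "/sys/bus/thunderbolt/devices"  # Linux thunderbolt bus directory in sysfs

def read_attr(path):
    """Return the stripped content of a sysfs attribute, or None if absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def check_domains(root=SYSFS):
    """Map each Thunderbolt domain to (security level, DMA flag, verdict)."""
    results = {}
    if not os.path.isdir(root):
        return results  # no Thunderbolt controller visible to the kernel
    for name in sorted(os.listdir(root)):
        if not name.startswith("domain"):
            continue  # skip device entries; only domains carry these attributes
        level = read_attr(os.path.join(root, name, "security"))
        dma = read_attr(os.path.join(root, name, "iommu_dma_protection"))
        if dma == "1":
            verdict = "kernel DMA protection active"
        elif dma == "0":
            verdict = "kernel DMA protection NOT active"
        else:
            verdict = "attribute not exposed by this kernel"
        results[name] = (level, dma, verdict)
    return results

def build_sample_tree(root):
    """Constructed sample data imitating two controllers, for offline runs."""
    for name, level, dma in [("domain0", "user", "0"), ("domain1", "none", "1")]:
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "security"), "w") as fh:
            fh.write(level + "\n")
        with open(os.path.join(root, name, "iommu_dma_protection"), "w") as fh:
            fh.write(dma + "\n")

if __name__ == "__main__":
    found = check_domains()
    if not found:  # no real controller: fall back to the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            found = check_domains(tmp)
    for domain, (level, dma, verdict) in found.items():
        print(f"{domain}: security={level} iommu_dma_protection={dma} -> {verdict}")
```

The output only reflects what the running kernel reports for these two settings; it does not inspect the controller firmware.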



When asked by our colleagues, Dell explains that “customers concerned about these threats…avoid connecting unknown or unreliable devices to their PC”; customers will certainly appreciate the answer. The manufacturer refers to Intel for more details… which in turn refers to the manufacturers.

For its part, HP claims that most of its desktop and mobile computers are protected (this is the case for those supporting Sure Start Gen5), while Lenovo is still thinking about its answer on the subject and Samsung has not responded. In short, the battle is far from won.

Björn Ruytenberg plans to discuss Thunderspy in more detail at the Black Hat conference in the fall of 2020. Hopefully this will be taken into account for USB4 devices, which are based on Thunderbolt 3.
