PCs Made Before 2020 Vulnerable To ‘Thunderspy’ Attacks
Björn Ruytenberg, a security researcher from the Eindhoven University of Technology, has found that PCs manufactured in 2019 and earlier can be hacked via a flaw in the Thunderbolt port. The so-called “Thunderspy” cyberattack could see all the data to be taken from your PC, even when it is locked or in sleep mode.
The Thunderbolt port is a high-bandwidth interconnect promoted by Intel. A Thunderspy attack takes advantage of this viable entry point to steal data from encrypted devices.
Ruytenberg said that the port’s vulnerabilities could lead to nine exploitation scenarios.
For users with PCs that have these vulnerabilities, Ruytenberg recommends permanently disabling Thunderbolt security entirely and blocking all future firmware updates. Software updates will not be able to safeguard a PC against Thunderspy attacks.
According to Fossbytes, this vulnerable Kernel DMA – which provides PCs protection against drive-by Direct Memory Access (DMA) – is only found in a handful of PCs manufactured in 2019 or before as it is not standard practice yet. There are reportedly no Dell PCs and only a few Lenovo and HP models that are equipped with DMA.
However, Ruytenberg said: “All Thunderbolt-equipped systems shipped between 2011-2020 are vulnerable. Some systems providing Kernel DMA Protection, shipping since 2019, are partially vulnerable.”
Ruytenberg has made his diagnostic tool for Thunderspy vulnerabilities – called Spycheck – available to the public here. If a device is found to be vulnerable Spycheck will provide guidance on how to protect their system.
Björn Ruytenberg. Breaking Thunderbolt Protocol Security: Vulnerability Report. 2020. https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf