Scary Thunderbolt flaws leave millions of PCs vulnerable: What to do
Scary Thunderbolt flaws leave millions of PCs vulnerable: What to practise
7 Thunderbolt flaws that let attackers with physical admission to a device steal encrypted data have been discovered by a Dutch security researcher, who said he was able to enter a locked PC using a couple of portable tools in but five minutes.
The researcher, Björn Ruytenberg, used "hands portable hardware," a screwdriver and custom code to enter a password-protected laptop through the Thunderbolt port. Ruytenberg demonstrated the discovery in a video, showing how the vulnerability can facilitate a v-infinitesimal assault.
- Protect yourself: The best antivirus software
- All the Zoom security bug (so far)
- New: Galaxy A51 is tragic proof that Samsung can't beat out the iPhone SE
In the video, Ruytenberg screwed off the backplate of a 2019 Lenovo P1, then used a spy programmer chosen Bus Pirate to interface with the SPI flash that stores the laptop's Thunderbolt controller firmware.
After attaching the Omnibus Pirate to the "attacker" laptop, Ruytenberg used a tool called Flashrom to pull the Thunderbolt firmware from the SPI wink.
With firmware editing access, Ruytenberg disabled the Thunderbolt's security, then removed the Bus Pirate from the victim laptop. The researched attached a unlike hacking device via Thunderbolt, which loaded a kernel module into the memory of the laptop.
In minutes, Ruytenberg bypassed the Windows lock screen, completing the attack.
While this method of forced entry has a number of prerequisites, information technology'due south a textbook "evil maid" attack in which an unauthorized person, such equally a hotel staffer, could hack your devices while yous're out of your hotel room.
You don't desire to get out your laptop unattended in a hotel in a hostile state, only such an assail could likewise occur in a library or buffet where you might walk away from your computer to use a restroom.
Is my PC or Mac affected by Thunderspy?
But devices with Thunderbolt connectivity are vulnerable to these attacks. Almost all Macs since 2011 do take Thunderbolt, although the Thunderspy flaws are more often than not defanged past Apple software precautions.
Many other PCs also have Thunderbolt capabilities. You'll want to physically cheque your PC'south ports to see if Thunderbolt is built in. Thunderbolt ports expect like regular USB-C or MiniDisplay ports, except they've got a lilliputian lighting bolt printed next to the port instead or or alongside the regular USB or display symbols.
If y'all don't have whatsoever Thunderbolt-capable ports, then you don't demand to worry. If you do, the Thunderspy flaws are generally fixed by some recent Intel hardware modifications, but only a few PCs will have those.
ZDNet listed those models as "HP EliteBook and ZBook 2019 and later, Lenovo ThinkPad P53 and X1 Carbon 2019 and later, and the Lenovo Yoga C940, if it shipped with Intel's Ice Lake CPU."
Those PCs, all of which shipped in 2019 and 2020, are nearly immune to the Thunderspy attacks considering of a Windows characteristic called Kernel DMA Protection. Here's how to check to see if your machine has Kernel DMA Protection.
Linux also has implemented Kernel DMA Protection at the operating-system level, but it only applies to sure machines.
Macs, every bit mentioned earlier, are more often than not impervious to the Thunderspy attacks because of mitigations in macOS. But Macs running Windows or Linux via Kick Camp are completely unprotected.
Ruytenberg has also congenital a couple of Thunderspy-checking software tools for Windows and Linux that y'all can run to see whether your machine is affected.
Thunderspy flaws: What yous tin exercise
All Thunderbolt port attacks. including those associated with Thunderspy, require concrete access, meaning the hacker must have your laptop or desktop in their hands to successfully complete the strike.
These attacks tin can't exist carried out remotely, meaning the best prevention method is keeping your laptop in your possession whenever you're somewhere with people you don't know.
Your laptop or desktop is prophylactic in your home, just if y'all commute or travel with it, don't go out information technology unattended. Don't plug whatever device yous don't ain into your Thunderbolt ports, similar USB-C chargers or projectors or someone else's phone that might need a charge.
Unfortunately, unless your motorcar has Kernel DMA Protection adequacy at the hardware level, in that location's no real set up for these flaws, Ruytenberg said, and neither volition any be forthcoming.
A brief history of Thunderbolt vulnerabilities
This isn't the offset instance of a Thunderbolt port enabling a security threat for PCs. Last year researchers found that all Apple tree laptops and desktops produced since 2011, with the exception of the 12-inch MacBook, are vulnerable to a flaw dubbed "Thunderclap."
In 2014, a researcher developed proof-of-concept malware called Thunderstrike that could bound from one Mac to another using Thunderbolt devices. That flaw was fixed with an update, but it seems the more recent Thunderclap has just been mitigated since its discovery — not entirely patched.
Equally was the case in Thunderclap and Thunderstrike, the best Mac antivirus software and other traditional protections won't aid yous against the current Thunderbolt flaw.
- The best password managers we've tested
Source: https://www.tomsguide.com/news/thunderspy-hack-attack
Posted by: baileyevess1974.blogspot.com
0 Response to "Scary Thunderbolt flaws leave millions of PCs vulnerable: What to do"
Post a Comment