Researcher Finds 7 Vulnerabilities in Intel Thunderbolt Chips

Researcher Finds 7 Vulnerabilities in Intel Thunderbolt Chips

Researcher Finds 7 Vulnerabilities in Intel Thunderbolt Chips

There is more to the Thunderbolt port-related vulnerability.

The attack, known as Thunderspy, exploits vulnerabilities present in Thunderbolt 1, 2, and 3 and it works on any Windows or Linux computer with Thunderbolt ports sold before 2019. That bad actor now has full access to the computer.

The video which is included in the report demonstrates the how an attacker could take advantage of the vulnerability.

All Thunderbolt port attacks. including those associated with Thunderspy, require physical access, meaning the hacker must have your laptop or desktop in their hands to successfully complete the strike.

Researchers have uncovered a flaw in Intel's Thunderbolt port that jeopardises the security of millions of laptops manufactured before 2019. This in order to get access to your system, past the defenses that Intel had set up for your protection.

"While the underlying vulnerability is not new and was addressed in operating system releases a year ago, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled", Bryant said on the blog Sunday.

"Despite our repeated efforts, the rationale to Intel's decision not to mitigate the Thunderspy vulnerabilities on in-market systems remains unknown". The Thunderspy vulnerabilities can not be fixed in software, impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign.

Ruytenberg claims to have found more potential vulnerabilities in Thunderbolt protocol, which is now are part of an ongoing researcher and expected to be revealed soon as 'Thunderspy 2'.

5 players test positive for coronavirus, La Liga confirms
Real Madrid skipper Sergio Ramos believes resumption of football in the country will help provide boost to Spain's economy. Five players from Spain's top two leagues have tested positive for coronavirus , La Liga confirmed on Sunday.

Ruytenberg said he found seven vulnerabilities in Intel's design for the port, with nine different realistic scenarios for accessing a computer's data, collectively referred to as Thunderspy. There is some level of authentication between devices and the computer but if an attacker is able to make his own malicious device look like a trusted Thunderbolt device, as Ruytenberg has shown he can do, then he's in business. They've chosen a method that's cloneable. "The little I found I could easily break or bypass", he said.

"That could be your laptop or it could be your docking station or anything else".

For the purposes of the demonstration, he used about $400 worth of equipment, including an SPI programmer device with an SOP8 clip.

Intel also stressed that the most widely used operating systems have all introduced Kernal Direct Memory Access (DMA) protection to shield against attacks such as this. Here's how to check to see if your machine has Kernel DMA Protection.

"They need to change the silicon to only run signed code and that's not a simple thing."

"All Thunderbolt-equipped systems shipped between 2011-2020 are vulnerable", Ruytenberg continued, adding that the flaws can only be completely mitigated by redesigning and replacing the chips involved.

Many other PCs also have Thunderbolt capabilities.

Only devices with Thunderbolt connectivity are vulnerable to these attacks. To workaround the shortcomings on vulnerable systems, it's recommended you "ensure appropriate physical security when storing your system and any Thunderbolt devices, including Thunderbolt-powered displays", and "consider using hibernation (Suspend-to-Disk) or powering off the system completely". Finally, Thunderspy demonstrates the ability to permanently disable Thunderbolt security and block all future firmware updates. Intel, Apple and 11 OEMs/ODMs and the Linux kernel security team have been notified about the problems.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.