Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Seven Vulnerabilities Announced for Computers with Thunderbolt USB-C Connectors
May 12, 2020
Thunderspy sounds like a movie title, but it's the name given to the multitude of vulnerabilities announced for any computer with a Thunderbolt connection. The Hacker News was one of the sources posting information about the vulnerabilities. The vulnerabilities are pretty nasty and can steal or manipulate the memory contents of a system even if it is locked or in a sleep state even if the drives are protected with encryption. The vulnerabilities were discovered by Björn Ruytenberg of the Eindhoven University of Technology and "may require opening a target laptop's case with a screwdriver, [but] it leaves no trace of intrusion and can be pulled off in just a few minutes."
The list of Thunderbolt vulnerabilities impact version 1, 2 and 3 on machines running Windows, Linux and Apple MacBooks (except retina versions) sold since 2011.
- Inadequate firmware verification schemes
- Weak device authentication scheme
- Use of unauthenticated device metadata
- Downgrade attack using backward compatibility
- Use of unauthenticated controller configurations
- SPI flash interface deficiencies
- No Thunderbolt security on Boot Camp
The attacker does require physical access to the computer, so don't let your machine out of your sight or power it down when not in use. Avoid sleep mode too.
Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com