Thunderspy

Thunderspy
A logo created for the vulnerability, featuring an image of a spy
CVE identifier(s)CVE-2020-????
Date discoveredMay 2020; 4 years ago (2020-05)
Date patched2019 via Kernel DMA Protection
DiscovererBjörn Ruytenberg
Affected hardwareComputers manufactured before 2019, and some after that, having the Intel Thunderbolt 3 (and below) port.[1]
Websitethunderspy.io

Thunderspy is a type of security vulnerability, based on the Intel Thunderbolt 3 port, first reported publicly on 10 May 2020, that can result in an evil maid (i.e., attacker of an unattended device) attack gaining full access to a computer's information in about five minutes, and may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that.[1][2][3][4][5][6][7][8]

According to Björn Ruytenberg, the discoverer of the vulnerability, "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes."[1] The malicious firmware is used to clone device identities which makes classical DMA attack possible.[4]

History

The Thunderspy security vulnerabilities were first publicly reported by Björn Ruytenberg of Eindhoven University of Technology in the Netherlands on 10 May 2020.[9] Thunderspy is similar to Thunderclap,[10][11] another security vulnerability, reported in 2019, that also involves access to computer files through the Thunderbolt port.[8]

Impact

The security vulnerability affects millions of Apple, Linux and Windows computers, as well as all computers manufactured before 2019, and some after that.[1][3][4] However, this impact is restricted mainly to how precise a bad actor would have to be to execute the attack. Physical access to a machine with a vulnerable Thunderbolt controller is necessary, as well as a writable ROM chip for the Thunderbolt controller's firmware.[4] Additionally, part of Thunderspy, specifically the portion involving re-writing the firmware of the controller, requires the device to be in sleep,[4] or at least in some sort of powered-on state, to be effective.[12] Machines that force power-off when the case is open may assist in resisting this attack to the extent that the feature (switch) itself resists tampering.

Due to the nature of attacks that require extended physical access to hardware, it's unlikely the attack will affect users outside of a business or government environment.[12][13]

Mitigation

The researchers claim there is no easy software solution, and may only be mitigated by disabling the Thunderbolt port altogether.[1] However, the impacts of this attack (reading kernel level memory without the machine needing to be powered off) are largely mitigated by anti-intrusion features provided by many business machines.[14] Intel claims enabling such features would substantially restrict the effectiveness of the attack.[15] Microsoft's official security recommendations recommend disabling sleep mode while using BitLocker.[16] Using hibernation in place of sleep mode turns the device off, mitigating potential risks of attack on encrypted data.

References

  1. ^ a b c d e Greenberg, Andy (10 May 2020). "Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking - The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019". Wired. Retrieved 11 May 2020.
  2. ^ Porter, Jon (11 May 2020). "Thunderbolt flaw allows access to a PC's data in minutes - Affects all Thunderbolt-enabled PCs manufactured before 2019, and some after that". The Verge. Retrieved 11 May 2020.
  3. ^ a b Doffman, Zak (11 May 2020). "Intel Confirms Critical New Security Problem For Windows Users". Forbes. Retrieved 11 May 2020.
  4. ^ a b c d e Ruytenberg, Björn (2020). "Thunderspy: When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security". Thunderspy.io. Retrieved 11 May 2020.
  5. ^ Kovacs, Eduard (11 May 2020). "Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks". SecurityWeek.com. Retrieved 11 May 2020.
  6. ^ O'Donnell, Lindsey (11 May 2020). "Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack". ThreatPost.com. Retrieved 11 May 2020.
  7. ^ Wyciślik-Wilson, Sofia (11 May 2020). "Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines". BetaNews.com. Retrieved 11 May 2020.
  8. ^ a b Gorey, Colm (11 May 2020). "Thunderspy: What you need to know about unpatchable flaw in older PCs". SiliconRepublic.com. Retrieved 12 May 2020.
  9. ^ Ruytenberg, Björn (17 April 2020). "Breaking Thunderbolt Protocol Security: Vulnerability Report. 2020" (PDF). Thunderspy.io. Retrieved 11 May 2020.
  10. ^ Staff (26 February 2019). "Thunderclap: Modern computers are vulnerable to malicious peripheral devices". Retrieved 12 May 2020.
  11. ^ Gartenberg, Chaim (27 February 2019). "'Thunderclap' vulnerability could leave Thunderbolt computers open to attacks - Remember: don't just plug random stuff into your computer". The Verge. Retrieved 12 May 2020.
  12. ^ a b Grey, Mishka (13 May 2020). "7 Thunderbolt Vulnerabilities Affect Millions of Devices: 'Thunderspy' Allows Physical Hacking in 5 Minutes - Do you own a Thunderbolt equipped laptop, and have bought it after 2011? Well, we've news for YOU. 7 newly discovered Intel Thunderbolt vulnerabilities have exposed your device to hackers. Learn what to do?". HackReports.com. Retrieved 18 May 2020.
  13. ^ codeHusky (11 May 2020). "Video (11:01) - Thunderspy is nothing to worry about - Here's why". YouTube. Retrieved 12 May 2020.
  14. ^ Staff (26 March 2019). "Kernel DMA Protection for Thunderbolt™ 3 (Windows 10) - Microsoft 365 Security". Microsoft Docs. Retrieved 17 May 2020.
  15. ^ Jerry, Bryant (10 May 2020). "More Information on Thunderbolt(TM) Security - Technology@Intel". Retrieved 17 May 2020.
  16. ^ "BitLocker Security FAQ (Windows 10) - Windows security".

Read other articles:

Kateryna Proyda

Ukrainian figure skater Kateryna ProidaProida in 2007Native nameКатерина ПройдаOther namesEkaterina ProidaBorn (1989-08-03) 3 August 1989 (age 34)Dnipropetrovsk, Ukrainian SSRHeight1.66 m (5 ft 5+1⁄2 in)Figure skating careerCountryUkraineBegan skating1993Retired2010 Kateryna (Ekaterina) Proida (Ukrainian: Катерина Пройда, born 3 August 1989 in Dnipropetrovsk) is a Ukrainian former competitive figure skater. She competed at four ISU Champio...

Bossangoa

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Bossangoa – news · newspapers · books · scholar · JSTOR (December 2013) (Learn how and when to remove this template message) Place in Ouham, Central African RepublicBossangoaNutritional Therapeutic Unit in BossangoaBossangoaLocation in Central African RepublicC...

Обговорення:Солоне (Чортківський район)

Ця стаття є частиною Проєкту:Населені пункти України (рівень: невідомий) Портал «Україна»Мета проєкту — покращувати усі статті, присвячені населеним пунктам та адміністративно-територіальним одиницям України. Ви можете покращити цю статтю, відредагувавши її, а на стор�...

Remomeix

Peta infrastruktur dan tata guna lahan di Komune Remomeix.  = Kawasan perkotaan  = Lahan subur  = Padang rumput  = Lahan pertanaman campuran  = Hutan  = Vegetasi perdu  = Lahan basah  = Anak sungaiRemomeix merupakan sebuah komune di departemen Vosges yang terletak pada sebelah timur laut Prancis. Lihat pula Komune di departemen Vosges Referensi INSEE lbsKomune di departemen Vosges Les Ableuvenettes Ahéville Aingeville Ainvelle Allarmont Ambacourt Ameuv...

Wybory prezydenckie w Stanach Zjednoczonych w 1988 roku

Wybory prezydenckie w Stanach Zjednoczonych w 1988 roku Państwo  Stany Zjednoczone Rodzaj wybory prezydenckie Data przeprowadzenia 8 listopada 1988 (głosowanie powszechne) Podstawa prawna Konstytucja Stanów Zjednoczonych Głosowanie Wyniki wyborów prezydenckich (% głosów elektorskich):Bush71,2%Dukakis20,6%Bentsen0,2% Wyniki wyborów wiceprezydenckich (% głosów elektorskich):Quayle71,2%Bentsen20,6%Dukakis0,2% Frekwencja:50,3% poprzednie:1984 następne:1992 Mapa wyborcza Stanów Zj...

Trans Patriot

Trans PatriotArmada bus Trans Patriot, 2023Didirikan16 September 2018 (2018-09-16)Kantor pusatPT Mitra PatriotWilayah layananKota BekasiJenis layananbus raya terpaduRute1 koridorJumlah perhentianhalte dalam tahap pembangunan Trans Patriot adalah sistem transportasi bus raya terpadu yang mulai beroperasi pada tanggal 26 November 2018 di Kota Bekasi, Jawa Barat. Layanan bus raya terpadu ini diciptakan untuk memudahkan mobilitas warga Kota Bekasi agar mau beralih menggunakan transportasi pu...

Abhishekam (TV series)

Indian television series For the 1998 film, see Abhishekam (film). AbhishekamGenreSoap OperaDirected byDasari Narayana Rao Haricharan Lakshmi Srinivas Venkat SriramojuCountry of originIndiaOriginal languageTeluguNo. of episodes4000ProductionProducerDasari PadmaRunning time22 minutesProduction companySowbhagya Media Ltd[1]Original releaseNetworkETV (Telugu)Release22 December 2008 (2008-12-22) –1 February 2022 (2022-02-01) Abhishekam (Telugu: అభిషేకం; tran...

طرويل

  طرويل (بالإسبانية: Teruel)‏[1]    طرويل طرويل  خريطة الموقع تقسيم إداري البلد إسبانيا  [2][3] التقسيم الأعلى طرويل  خصائص جغرافية إحداثيات 40°20′37″N 1°06′26″W / 40.343611111111°N 1.1072222222222°W / 40.343611111111; -1.1072222222222  [4] المساحة 440.414455 كيلومتر مربع (1 ي...

Greenland

Autonomous territory of the Kingdom of Denmark in North America For other uses, see Greenland (disambiguation).This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: Greenland – news · newspapers · books · scholar · JSTOR (October 2023) (Learn how and when to remove this template message) Autonomous territory in th...

ضفدع مانتيلا ذو الأذن السوداء

هذه المقالة يتيمة إذ تصل إليها مقالات أخرى قليلة جدًا. فضلًا، ساعد بإضافة وصلة إليها في مقالات متعلقة بها. (مايو 2022) اضغط هنا للاطلاع على كيفية قراءة التصنيف ضفدع مانتيلا سوداء الأذن حالة الحفظ أنواع مهددة بالانقراض (خطر انقراض أقصى)[1] المرتبة التصنيفية نوع  التصنيف ا...

Samarinda Global City

Artikel ini sebatang kara, artinya tidak ada artikel lain yang memiliki pranala balik ke halaman ini.Bantulah menambah pranala ke artikel ini dari artikel yang berhubungan atau coba peralatan pencari pranala.Tag ini diberikan pada Februari 2023. Samarinda Global City (The Big Mall)Berkas:Samgoci.jpgGambar perspektif Samarinda Global CityLokasiSungai Kunjang, SamarindaKoordinat0°31′35″S 117°09′20″E / 0.52627°S 117.15558°E / -0.52627; 117.15558AlamatJl. Untun...

Atletismo nos Jogos Pan-Americanos de 1975 - Lançamento de dardo feminino

Atletismo nosJogos Pan-Americanos de 1975 Provas de pista 100 m masc fem 200 m masc fem 400 m masc fem 800 m masc fem 1500 m masc fem 5000 m masc 10000 m masc 100 m com barreiras fem 110 m com barreiras masc 400 m com barreiras masc 3000 mcom obstáculos masc Revezamento 4×100 m masc fem Revezamento 4×400 m masc fem Provas de estrada Maratona masc 20km marcha atlética masc Provas de campo Salto em distância masc fem Salto triplo masc Salto em altura masc fem Salto com vara masc Ar...

Iona

Disambiguazione – Se stai cercando altri significati, vedi Iona (disambigua). Iona(GD) Ì Chaluim ChilleIl villaggio di Iona visto dal largo a breve distanza.Geografia fisicaLocalizzazioneOceano Atlantico Coordinate56°19′48″N 6°24′36″W / 56.33°N 6.41°W56.33; -6.41Coordinate: 56°19′48″N 6°24′36″W / 56.33°N 6.41°W56.33; -6.41 ArcipelagoEbridi interne Superficie8,77 km² Altitudine massima101 m s.l.m. Geografia politicaStato...

Dominique Wilkins

Dominique Wilkins Wilkins con Panathinaikos en 1996.Datos personalesNombre completo Jacques Dominique WilkinsApodo(s) The Human Highlight Film, NiqueNacimiento París,  Francia12 de enero de 1960 (63 años)Nacionalidad(es) EstadounidenseAltura 2,03 m (6′ 8″)Peso 104 kg (229 lb)Carrera deportivaDeporte BaloncestoEquipo universitario Georgia (1979–1982)Estado RetiradoClub profesionalDraft de la NBA 1.ª ronda (puesto 3), 1982 por Utah JazzLiga NBAPosición AleroDo...

宮崎勝

漫画原作者の「宮崎まさる」とは別人です。 日本の政治家宮崎 勝みやざき まさる 生年月日 (1958-03-18) 1958年3月18日(65歳)出生地 日本 埼玉県坂戸市[1]出身校 埼玉大学工学部前職 公明新聞記者所属政党 公明党称号 工学士公式サイト 参議院議員 宮崎勝 Official Website 参議院議員選挙区 比例区当選回数 2回在任期間 2016年7月26日 - 2022年7月25日2022年10月7日 - 現職テンプ...

Mount Goyazan

Goyezan Mountain Mount Goyazan (Azerbaijani: Göyəzən dağı) is a mountain which located 20 kilometres far from the northwestern Qazakh District of Azerbaijan. It is located in the vicinity of the villages Abbasbeyli and Alpout, and rises 858 metres above sea level. Ruins of a Goyazan fortress from the 14th century were found near the mountain.[1][2][3][4] References ^ Ministry of Culture and Tourism. Goyazan fortress. Retrieved 2010-07-15. ^ Western Route. ...

英雄 (絕命律師)

〈英雄〉Hero《絕命律師》分集吉米·麥吉爾的宣傳噱頭——他安排自己拯救懸掛在空中的工人,並將整個過程錄製下來。剧集编号第1季第4集导演科林·巴克西(英语:Colin Bucksey)编剧詹妮弗·哈奇森音乐《Unsquare Dance(英语:Unsquare Dance)》由戴夫·布鲁贝克四重奏樂團演奏摄影师亞瑟·阿爾伯特(英语:Arthur Albert)剪接凱利·狄克遜(Kelley Dixon)首播日期2015年2月23日 (20...

Real Salt Lake

Real Salt LakeNázevReal Salt LakeZeměSpojené státy americkéMěstoSalt Lake CityZaložen2004 Domácí dres Venkovní dres SoutěžMajor League Soccer2009Západní Konference: 5. místoCelkově: 8. místoPlayOff: vítězStadionRio Tinto Stadium Sandy, UtahKapacita20 008 divákůVedeníVlastníkDell Loy HansenPředseda Dave ChecketsTrenér Pablo MastroeniOficiální webová stránkaNěkterá data mohou pocházet z datové položky. Real Salt Lake je fotbalový klub z USA, hrající sev...

Kel-Tec SU-16

SU-16 mengacu pada serangkaian senapan semi-otomatis dan karaben diproduksi oleh Kel-Tec CNC Industries, Inc dari Cocoa, Florida sebagaimana dimaksud dalam pemasaran Kel-Tec sebagai Sport Utility rifles. Seri SU-16 didesain dengan kompak, ringan dan sederhana, dan untuk dapat dipecah dan dilipat ke dalam konfigurasi kompak untuk transportasi dan penyimpanan. Sementara laras, baut-carrier dan mekanisme adalah baja, bahan SU-16, penerima, dan forend diproduksi dari plastik polimer kekuatan tin...

Talk:Godzilla Minus One

A request has been made for this article to be peer reviewed to receive a broader perspective on how it may be improved. Please make any edits you see fit to improve the quality of this article. Godzilla Minus One has been listed as one of the Media and drama good articles under the good article criteria. If you can improve it further, please do so. If it no longer meets these criteria, you can reassess it.Article milestonesDateProcessResultMarch 29, 2024Peer reviewReviewedJuly 6, 2024Good ar...

Philip III of Spain
Prêmio Contigo! de TV de 2011
Podocarpus elongatus
Marlon Humphrey
Climate change in Israel
Garrison
جهاز عرض سينمائي
محطة ضخ وتخزين الطاقة الكهرومائية
Tenterfield Shire Council
Марго Кіддер
Perempuan Tanah Jahanam
Mujercitas (película de 1949)
معهد ماكس بلانك لعلم الوراثة الجزيئي
Institute of Chartered Accountants of the Caribbean
Skin of My Teeth
Front de l'Ouest (Seconde Guerre mondiale)
تيبريوس الثاني
Michelle Wai
Tongkat Ottokar
Bupicomide
インドにおける大麻文化
Sign of the Times (Slade song)
Sports in San Diego
The Devil's Thoughts
Philip Bono
Star Trek Concordance
名古屋金城ふ頭アリーナ
O. N. V. Kurup
Marconi Plaza
Dead Space (mobile game)
Philander Chase
Chambers-Strathy Batholith
الرولز رويس الصفراء (فيلم)
Wei Barat
Justus Danckerts
Battle of the Dardanelles (1657)
English heraldry
Chibalo
شفيع‌ أباد (سميرم)
Legoland New York
Hồng Gia quyền
Kamasutra (album Julia Perez)
Indigo Publications
AI Foundation
John Michael Manos
Buckeye (candy)
Madagascar Kartz
Tat Cheng
House Party II (I Don't Know What You Come to Do)
Julius J. Epstein
2010 Winchester City Council election
Air India Flight 403
Free Bird
Kingsbury Commitment
Sunshine Millions
Kalis
Berrocalejo de Aragona
Thomas Grosvenor (British Army officer)
Brandon Knight (baseball)
Definitive stamps of Russia
Lynton Town Hall
Banyumudal, Moga, Pemalang
Ernie Haase & Signature Sound
Dave Rible
List of rivers of the Republic of the Congo
American Academy of Child and Adolescent Psychiatry
Alue Tampak, Kaway XVI, Aceh Barat
Sometimes I Feel Like Screaming
Kecer, Dasuk, Sumenep
First Najib cabinet
Річка Святого Лаврентія
Banasa rolstoni
Massospondylus
Acrotona cupiens
Airmark Indonesia
St Clair Comets
M-theory
Severino (film)
Akikaze (tàu khu trục Nhật)
Ghetto di Vicebsk
Northampton Lake
Sonic Nurse
經世之學
John Meinhard VII, Count of Gorizia
Peter Boysen Jensen
電導體
Bracon ricinicola
Clarksfield, Greater Manchester
List of Progress Party (Norway) MPs
SS Eleni (1947)
Ho Mann Jahaan
Jim Egan (activist)
Middleburg, Pennsylvania
Marie Heritesová
Serdang Bedagai Regency
Porcelain
Denise Scott Brown
Miss World America 1980
Two Fables
Andy Whittall
Bill Pullman
La Escala
Ehrlichiosis ewingii infection
Jalur kereta api Padang Panjang–Payakumbuh–Limbanang
擬似相関
Black Smoke
Rajesh Kotecha
Knock Nevis
Arcidiecéze ostřihomsko-budapešťská
List of Hampshire Cricket Board List A players
Transfer (sepak bola)
Scuderia Toro Rosso STR13
Abena Joan Brown
Classical antiquity
Новотроицкая
Philip H. Hilder
Lemur
Vrbice (Hořovičky)
Power Play
Biatlon op de Olympische Winterspelen 2014
ディラン・カールソン (野球)
List of governments in Belgium
Wanzhou
List of years in Qatar
Lullingstone
Morten Martens
Niger under Paralympiske sommerleker 2024
Soul Demise
Sungai Sasok
Shenzhen Broadcasting Center Building
Francuska Wspólnota Belgii
Anshun Huangguoshu Airport
Brian George Hewitt
White Bayou (suba sa Tinipong Bansa, East Baton Rouge Parish)
Nanga Mentatai, Serawai, Sintang
Arón Canet
フェイ・ベインター
List of butterflies of India
Nana Kitade
Akna (Inuit mythology)
Northleigh
Frederick Scardina
Iso-Melkutin
Halloween II
Blockstand Creek
Talk:Brian Griffin/Archive 2
Music & Me
Phaonia compressipalpis
Chaerilus pictus
Talk:Johannes Matelart
Le Premiatissime
Ylöstempaus
New Build
Charles William Wendte
Little Tenmile Creek (suba sa Tinipong Bansa, West Virginia)
伍德福德 (加利福尼亞州)
Port Football Club
Lennox (Dacota do Sul)
Kurka
Recurrent artery
Tobe Watson
Gazingam
San Donato
West Fork Beaver Creek (suba sa Tinipong Bansa, Montana, Hill County)
User talk:Sterling Saini
Pisgah Creek (suba sa Tinipong Bansa, North Carolina)
Perdamaian Caltabellotta
Telephone Exchange Building
Jorma Larimo
Sky News Weather
Talk:Kazoo
Jodie Henry
Metassamia bituberculata
Boita
Heretic (Morbid Angel album)
Heteroscyphus planus
Agua Zarca (suba nga anhianhi sa Mehiko, Estado de Sonora, lat 30,51, long -109,64)
Ie Jeureuneh, Trumon Tengah, Aceh Selatan
Kampen (bungtod sa Antartika)
Marmaray
2022–23 Al Ahly men's basketball season
Jake Matthews
Konstantin Habenski
2013 Men's European Individual Closed Championships
Goldcliff Priory
User talk:Emaddox66
1917 en musique classique
Gökdelen Towers
Sigfox
Thespis bicolor
Saison 2013 de l'équipe cycliste Lampre-Merida
Kopu
Rawa Segaran (lanaw nga anhianhi)
Pakala, Chittoor
Parŭn-gol
Ehingen, Middle Franconia
Amatitán (lungsod sa Mehiko, Estado de Jalisco, Amatitán)
User talk:24.192.101.162
Luettelo YK:n pakkausnumeroista 2401–2500
Buio oltre il sole
Os Mutantes
Antonio Ortiz de Zárate
張國城
List of Russian federal subject name etymologies
2000 Úrvalsdeild
Frankrikes herrjuniorlandslag i ishockey
殭屍先生
Reading United Athletic Club
Constitutions (Aristotle)
Diffraction
南头古城博物馆
Praderas alpinas del Hindú Kush
Istorija crnogorske književnosti (knjiga)
Algebraic topology
Odzi
钨酸钠
Cornel Penu
Nuclear fusion
Communauté de communes du Thelle Bray
Marian Rejewski
Directions to See a Ghost
Discussão:Pra Tocar no Manto
Amboy (Washington)
4e division de montagne (Allemagne)
Listo de liberaj programoj
Liż
Novoilyinsky (inhabited locality)
Department of Corrections (Neuseeland)
Charles La Trobe College
Collector road
Ola Isene
Discusión:Meriam Bellina
Timbuktoo
Madrid Open 2023 - Qualificazioni singolare femminile
Vitturiové
User talk:Pcmn
Josep Gener i Batet
Umbră (dezambiguizare)
Goodeniaceae
River Falls (Alabama)
Momentum (egyértelműsítő lap)
Yvette Clarke
Hkun Law
Max Theodor Mayer
Igor Zakurdajew
Liste der römischen Münzmeister
Stoilov
Uførsdalen
José Vázquez