Thunderspy is a type of
security vulnerability, based on the
Intel Thunderbolt 3 port, first reported publicly on 10 May 2020, that can result in an
evil maid (ie, attacker of an unattended device) attack gaining full access to a computer's information in about five minutes, and may affect millions of
Apple
An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple trees are cultivated worldwide and are the most widely grown species in the genus '' Malus''. The tree originated in Central Asia, where its wild ances ...
,
Linux
Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which i ...
and
Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ...
computers, as well as any computers manufactured before 2019, and some after that.
According to Björn Ruytenberg, the discoverer of the vulnerability, "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes."
The malicious firmware is used to clone device identities which makes classical DMA attack possible.
History
The Thunderspy security vulnerabilities were first publicly reported by Björn Ruytenberg of
Eindhoven University of Technology
The Eindhoven University of Technology ( nl, Technische Universiteit Eindhoven), abbr. TU/e, is a public technical university in the Netherlands, located in the city of Eindhoven. In 2020–21, around 14,000 students were enrolled in its BSc ...
in the
Netherlands
)
, anthem = ( en, "William of Nassau")
, image_map =
, map_caption =
, subdivision_type = Sovereign state
, subdivision_name = Kingdom of the Netherlands
, established_title = Before independence
, established_date = Spanish Netherl ...
on 10 May 2020.
Thunderspy is similar to
Thunderclap,
another security vulnerability, reported in 2019, that also involves access to computer files through the Thunderbolt port.
Impact
The security vulnerability affects millions of Apple, Linux and Windows computers, as well as all computers manufactured before 2019, and some after that.
However, this impact is restricted mainly to how precise a bad actor would have to be to execute the attack. Physical access to a machine with a vulnerable Thunderbolt controller is necessary, as well as a writable ROM chip for the Thunderbolt controller's firmware.
Additionally, part of Thunderspy, specifically the portion involving re-writing the firmware of the controller, requires the device to be in sleep,
or at least in some sort of powered-on state, to be effective.
Machines that force power-off when the case is open may assist in resisting this attack to the extent that the feature (switch) itself resists tampering.
Due to the nature of attacks that require extended physical access to hardware, it's unlikely the attack will affect users outside of a business or government environment.
Mitigation
The researchers claim there is no easy software solution, and may only be mitigated by disabling the Thunderbolt port altogether.
However, the impacts of this attack (reading kernel level memory without the machine needing to be powered off) are largely mitigated by anti-intrusion features provided by many business machines.
Intel claims enabling such features would substantially restrict the effectiveness of the attack.
Microsoft's official security recommendations recommend disabling sleep mode while using BitLocker.
Using hibernation in place of sleep mode turns the device off, mitigating potential risks of attack on encrypted data.
References
External links
*
*
*
{{Portal bar, Business and economics, Computer programming
Computer security
2020 in computing