After Intel confirming the Thunderspy threat to all PCs with Thunderbolt ports, now . This vulnerability, first discovered by Bjรถrn Rutenberg, claims an attacker with physical access to a target system for even five minutes, can mint out all the sensitive data from it. This leverages the vulnerability in the Thunderbolt technology of Intel and affects all Windows 10 systems.
The Thunderbolt Vulnerability
Thunderbolt port technology is developed by Intel in association with Apple, for bumping the speed of video/data transmission from systems to other external peripherals. While this was praised for many years, now all those Windows PCs having this are at risk of data theft. Thus, all systems since 2011 are vulnerable to this threat. Exceptions include the lastest PCs with Microsoftโs Secured-core PC protections.
First discovered by Bjรถrn Ruytenberg from The Eindhoven University of Technology, this was named as Thunderspy and is capable of exfiltrating data from targeted Windows 10 PCs even if theyโre locked, suspended, in sleep mode, in the secure boot or having strong encryptions or passwords! Irrespective of any harsh security protocols, an adversary can use a serial peripheral interface (SPI) flash programmer called Bus Pirate, or Thunderbolt Controller Firmware Patcher (tcfp) for stealing data.
Just Under Five Minutes!
The researcher warned that it all takes an attacker is just five minutes or so, to hack your PC with additional peripherals and screwdrivers to unscrew the system. So, should you be worried? Yes and no. If youโre a business traveler or any other VIP carrying sensitive data thatโs useful for attackers, leaving your hardware PC for even a short span could determine it as compromised.
Well, that doesnโt apply for , which have come to market late last year and have another security layer for extra protection. But, all those PCs without this are vulnerable, and are suggested to buy new PCs as itโs a hardware problem and cannot be fixed via OTA updates! After all, thatโs still suggested if youโre a VIP with some important stuff storing in your PC.
Via: Forbes