After Intel confirming the Thunderspy threat to all PCs with Thunderbolt ports, now Microsoft to joins them. This vulnerability, first discovered by Björn Rutenberg, claims an attacker with physical access to a target system for even five minutes, can mint out all the sensitive data from it. This leverages the vulnerability in the Thunderbolt technology of Intel and affects all Windows 10 systems.

Microsoft and Intel Warn About a Serious Thunderbolt Threat
Microsoft and Intel Warn About a Serious Thunderbolt Threat

The Thunderbolt Vulnerability

Thunderbolt port technology is developed by Intel in association with Apple, for bumping the speed of video/data transmission from systems to other external peripherals. While this was praised for many years, now all those Windows PCs having this are at risk of data theft. Thus, all systems since 2011 are vulnerable to this threat. Exceptions include the lastest PCs with Microsoft’s Secured-core PC protections.

Modus Operandi of Thunderspy
Modus Operandi of Thunderspy

First discovered by Björn Ruytenberg from The Eindhoven University of Technology, this was named as Thunderspy and is capable of exfiltrating data from targeted Windows 10 PCs even if they’re locked, suspended, in sleep mode, in the secure boot or having strong encryptions or passwords! Irrespective of any harsh security protocols, an adversary can use a serial peripheral interface (SPI) flash programmer called Bus Pirate, or Thunderbolt Controller Firmware Patcher (tcfp) for stealing data.

Just Under Five Minutes!

The researcher warned that it all takes an attacker is just five minutes or so, to hack your PC with additional peripherals and screwdrivers to unscrew the system. So, should you be worried? Yes and no. If you’re a business traveler or any other VIP carrying sensitive data that’s useful for attackers, leaving your hardware PC for even a short span could determine it as compromised.

Well, that doesn’t apply for Microsoft’s Secured-core PCs, which have come to market late last year and have another security layer for extra protection. But, all those PCs without this are vulnerable, and are suggested to buy new PCs as it’s a hardware problem and cannot be fixed via OTA updates! After all, that’s still suggested if you’re a VIP with some important stuff storing in your PC.

Via: Forbes


Please enter your comment!
Please enter your name here