Thunderspy: Intel responds to Thunderbolt vulnerability

The “Thunderspy” baptized weak spot in Intel’s Thunderbolt interface allows attackers to gain widespread access. So you can protect yourself.

Under the name of Thunderspy a number of security vulnerabilities for Intel’s Thunderbolt interface is known. Of the company, there is now a response to the report.

There is a Software Update that the security vulnerability fixes, does not exist unfortunately. Some protective measures against the vulnerability approach, there are still.


Why is Thunderspy dangerous?

Security researcher Björn Ruytenberg has identified a number of vulnerabilities in the Thunderbolt interface from Intel. Among other things, the Firmware of the Thunderbolt to Chips exchange and its security features disable. This enables unauthorized devices access to the memory of the device.

All that is needed is physical access to the computer. Because to Exploit the vulnerability the attacker would need to Unscrew the calculator. After that, however, he has the ability to data extraction and to overcome protection measures such as disk encryption.

So Intel is responding to Thunderspy

Intel has commented on the vulnerability in the meantime. In the answer to soothe the user and does not indicate that an attack from a distance is possible. As a result, the security risk is already significantly lower.

Reading tip: PC-security – 10 Golden rules you should follow

In addition, modern operation could be secured secured systems through the activation of the Kernel DMA against the vulnerability. All systems with a minimum of Windows 10 from 1803 RS4, macOS from Version 10.12.4 and Linux Kernel 5.x should be against such attacks.

On older devices, but also some more modern Laptops from manufacturers like Dell, Lenovo or HP, this is not the case.

Tool reveals whether they are affected by Thunderspy

Users who are not sure whether your computer is protected from an attack on the Thunderspy-weak, can test this from the discoverer of the Thunderspy-weak point out of the given Tool is named Spycheck. This is available for Windows and Linux.

Thunderspy: How to protect yourself

Who’s afraid to be a victim of an assault via Thunderspy, the activation of the Kernel, DMA is recommended, first of all, if possible. On Windows this works via the following path:

Start – > settings – > Update and security > Windows security > Windows security to open the > device security > Details of the security chip > memory access protection

You can also disable the Thunderbolt interface in your UEFI. You will no longer be usable.

Furthermore, it is not recommended to give the device or to leave in public places from the eyes. Also, the Plug of unknown devices should not be used.

Thunderspy PoC demo 1: Unlocking a Windows PC in 5 minutes

Source: Thunderspy The Video shows how the security gap, the Thunderbolt interface can be exploited.