Thunderspy flaw in intel affects Millions of Computers

Thunderspy flaw in intel affects Millions of Computers

A new security flaw "Thunderspy" has been discovered in Intel hardware that allows an attacker to steal data from Windows or Linux devices equipped with Thunderbolt ports.  If they can get their hands on the device for just five minutes. They can steal all data from your device. The attackers specifically target Thunderbolt technology, which is a hardware interface developed by Intel (in collaboration with Apple) that allows users to consolidate data transfer, charging, and video peripherals into a single connector. According to the Björn Ruytenberg, a security researcher who is currently a student at the Eindhoven University of Technology, all devices which are equipped with ThunderBolt technology and manufactured before 2019 are vulnerable to this attack. This Thunderspy vulnerability allows an attacker to read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.

About Thunderspy

Attacks would require Physical Access to a computer. According to the Björn Ruytenberg, even if you follow the best security practices, if your system administrator has set up the device with Secure Boot, strong BIOS, and operating system account passwords, and enabled full disk encryption, all the attacker requires only five minutes alone with the computer, a screwdriver, and some easily portable hardware. In a proof of concept video, Björn Ruytenberg showed that how he was able to unscrew the bottom panel of a Thunderbolt-equipped ThinkPad to access its Thunderbolt controller, then he attach the SPI programmer device using  a SOP8 clip (which is a piece of hardware that attaches to controllers’ pins).

Proof of Concept

If you want to check whether your computer is vulnerable or not, you can check the device using tools on Ruytenberg’s website. If you want to know more about this in detail then click here. Right now, Intel is working on resolving this issue until that you don't have to share your device alone in someone's hand and As a part of the Security-First Pledge, Intel will continue to improve the security of Thunderbolt technology.

Does this article being helpful to you? Let us know your thoughts in the comments section and share it with us on Facebook, Twitter, or our LinkedIn Group.


Previous Post Next Post