
Arlen Holder[_8_] May 11th 20 11:23 AM

Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")
 
o *Thunderspy*
https://thunderspy.io/

o "evil maid attack"
https://youtu.be/7uvSZA1F9os

o *Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking*
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
"The so-called Thunderspy attack takes less than five minutes to pull off
with physical access to a device, and it affects any PC manufactured
before 2019."

The "technique can bypass the login screen of a sleeping or locked
computer - and even its hard disk encryption - to gain full access
to the computer's data. And while his attack in many cases requires
opening a target laptop's case with a screwdriver, it leaves no trace
of intrusion and can be pulled off in just a few minutes."

"there's no easy software fix, only disabling the Thunderbolt port"
--
As always, every thread should add value to our overall tribal knowledge.

Alan Baker[_3_] May 12th 20 02:34 AM

Arlen Holder leaves out interesting detail (was Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack"))
 
On 2020-05-11 3:23 a.m., Arlen Holder wrote:
o *Thunderspy*
https://thunderspy.io/

o "evil maid attack"
https://youtu.be/7uvSZA1F9os

o *Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking*
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
"The so-called Thunderspy attack takes less than five minutes to pull off
with physical access to a device, and it affects any PC manufactured
before 2019."

The "technique can bypass the login screen of a sleeping or locked
computer - and even its hard disk encryption - to gain full access
to the computer's data. And while his attack in many cases requires
opening a target laptop's case with a screwdriver, it leaves no trace
of intrusion and can be pulled off in just a few minutes."

"there's no easy software fix, only disabling the Thunderbolt port"


"Computers running Apple's MacOS are unaffected."

Now, I wonder why that would have been omitted?


:-)

Arlen Holder[_8_] May 12th 20 04:42 PM

Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")
 
UPDATE:
FYI: Here is an update from ZDNet for Windows & Linux users on this ng...

o *Windows*:
"Microsoft implemented kernel DMA protection in Windows 1803..."
o *Linux*:
"Linux kernel 5.x and later... also include kernel DMA protection."

Details here...
o *Thunderbolt vulnerabilities can let attacker with physical access steal data*
https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/

"A Dutch researcher has detailed nine attack scenarios that work
against all computers with Thunderbolt shipped since 2011 and which
allow an attacker with physical access to quickly steal data from
encrypted drives and memory."

"The attacks work even when users follow security best practice,
such as locking an unattended computer, setting up Secure Boot,
using strong BIOS and operating system account passwords,
and enabling full disk encryption."

"The technology is vulnerable to this type of attack because the
Thunderbolt controller - a PCIe device - has DMA, which can allow
an attacker to access system memory via a connected peripheral."

"While all Thunderbolt-equipped computers are vulnerable to Thunderspy,
Intel, which develops Thunderbolt technology, says the attacks were
mitigated at the operating-system level with Kernel Direct Memory Access
(DMA) protection, but this technology is limited to computers sold
since 2019."
--
This is simply to inform you of the high-level news; for more information,
once you're aware of the news, you can click the links (for more details).
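
A defender-side check for the kernel DMA protection mentioned in the post above, added here as an example (it is not part of the original post or the cited articles): on Linux the thunderbolt driver exposes each domain's `security` level and an `iommu_dma_protection` flag under sysfs, and this function reports both. The verdict labels and the optional alternate-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-domain Thunderbolt security level and IOMMU DMA protection
# state as exposed by the Linux thunderbolt driver in sysfs.
# The optional first argument (an alternate sysfs root) is an assumption of
# this example so the function can be pointed at a test tree.

tb_dma_status() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    found=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue
        found=1
        name=$(basename "$dom")
        # 'security' is the firmware security level (none, user, secure, dponly, ...)
        if [ -r "$dom/security" ]; then
            level=$(cat "$dom/security")
        else
            level="unknown"
        fi
        # 'iommu_dma_protection' is 1 when the IOMMU is used for DMA protection,
        # 0 when it is not; the attribute is missing on kernels older than 5.0
        if [ -r "$dom/iommu_dma_protection" ]; then
            dma=$(cat "$dom/iommu_dma_protection")
        else
            dma="absent"
        fi
        # Verdict labels are this example's own wording, not kernel output
        if [ "$dma" = "1" ]; then
            verdict="dma-protected"
        elif [ "$level" = "none" ]; then
            verdict="exposed"
        else
            verdict="security-level-only"
        fi
        printf '%s security=%s iommu_dma_protection=%s verdict=%s\n' \
            "$name" "$level" "$dma" "$verdict"
    done
    [ "$found" -eq 1 ] || echo "no-thunderbolt-domains"
}

# Run against the live system (or a root passed on the command line)
tb_dma_status "$@"
```

A `dma-protected` line means the IOMMU is isolating Thunderbolt devices; `security-level-only` means the machine relies on the Thunderbolt security level without IOMMU-based DMA protection.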

Alan Baker[_3_] May 12th 20 05:07 PM

Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")
 
On 2020-05-12 8:42 a.m., Arlen Holder wrote:
UPDATE:
FYI: Here is an update from ZDNet for Windows & Linux users on this ng...

o *Windows*:
"Microsoft implemented kernel DMA protection in Windows 1803..."
o *Linux*:
"Linux kernel 5.x and later... also include kernel DMA protection."


Interesting what you omitted from that second sentence.

"Linux kernel 5.x and later and MacOS Sierra 10.12.4 and later also
include kernel DMA protection. "

I'll let others judge your motives for themselves...


Details here...
o *Thunderbolt vulnerabilities can let attacker with physical access steal data*
https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/

"A Dutch researcher has detailed nine attack scenarios that work
against all computers with Thunderbolt shipped since 2011 and which
allow an attacker with physical access to quickly steal data from
encrypted drives and memory."

"The attacks work even when users follow security best practice,
such as locking an unattended computer, setting up Secure Boot,
using strong BIOS and operating system account passwords,
and enabling full disk encryption."

"The technology is vulnerable to this type of attack because the
Thunderbolt controller - a PCIe device - has DMA, which can allow
an attacker to access system memory via a connected peripheral."

"While all Thunderbolt-equipped computers are vulnerable to Thunderspy,
Intel, which develops Thunderbolt technology, says the attacks were
mitigated at the operating-system level with Kernel Direct Memory Access
(DMA) protection, but this technology is limited to computers sold
since 2019."



Arlen Holder May 12th 20 10:33 PM

Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")
 
In response to what Alan Baker wrote :

and MacOS Sierra 10.12.4 and later also
include kernel DMA protection. "


HINT for the utterly moronic & clearly psychopathic stalker, Alan Baker...
o This isn't a Mac newsgroup.

For the Mac, please see:
o FYI... Thunderbolt, thunderspy, & thunderclap flaws...PSA
https://groups.google.com/forum/#!topic/comp.sys.mac.system/frJ5TgTZr4c

I'll let others judge your motives for themselves...


Psychopathic morons like Alan Baker and Snit can't process basic facts...
o They ascribe conspiracies to everything they can't themselves comprehend.
--
What makes them scary is not so much that they're utterly unable to process
facts, but that they're clearly petrifyingly scary psychopathic stalkers.

Alan Baker[_3_] May 12th 20 10:53 PM

Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")
 
On 2020-05-12 2:33 p.m., Arlen Holder wrote:
In response to what Alan Baker wrote :

and MacOS Sierra 10.12.4 and later also include kernel DMA protection. "


HINT for the utterly moronic & clearly psychopathic stalker, Alan Baker...
o This isn't a Mac newsgroup.


And yet that doesn't stop you from posting all kinds of other stuff, Liar.


For the Mac, please see:
o FYI... Thunderbolt, thunderspy, & thunderclap flaws...PSA
https://groups.google.com/forum/#!topic/comp.sys.mac.system/frJ5TgTZr4c

I'll let others judge your motives for themselves...


Psychopathic morons like Alan Baker and Snit can't process basic facts...
o They ascribe conspiracies to everything they can't themselves comprehend.


What "conspiracy", Liar?

Do you know what that word means?

