A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")



 
 
Thread Tools Display Modes
  #1  
Old May 11th 20, 11:23 AM posted to alt.os.linux,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Arlen Holder[_8_]
external usenet poster
 
Posts: 4
Default Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")

o *Thunderspy*
https://thunderspy.io/

o "evil maid attack"
https://youtu.be/7uvSZA1F9os

o *Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking*
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
"The so-called Thunderspy attack takes less than five minutes to pull off
with physical access to a device, and it affects any PC manufactured
before 2019."

The "technique can bypass the login screen of a sleeping or locked
computer - and even its hard disk encryption - to gain full access
to the computer's data. And while his attack in many cases requires
opening a target laptop's case with a screwdriver, it leaves no trace
of intrusion and can be pulled off in just a few minutes."

"there's no easy software fix, only disabling the Thunderbolt port"
--
As always,. every thread should add value to our overall tribal knowledge.
Ads
  #2  
Old May 12th 20, 02:34 AM posted to alt.os.linux,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Alan Baker[_3_]
external usenet poster
 
Posts: 4
Default Arlen Holder leaves out interesting detail (was Thunderspy:Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maidattack")

On 2020-05-11 3:23 a.m., Arlen Holder wrote:
o *Thunderspy*
https://thunderspy.io/

o "evil maid attack"
https://youtu.be/7uvSZA1F9os

o *Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking*
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
"The so-called Thunderspy attack takes less than five minutes to pull off
with physical access to a device, and it affects any PC manufactured
before 2019."

The "technique can bypass the login screen of a sleeping or locked
computer - and even its hard disk encryption - to gain full access
to the computer's data. And while his attack in many cases requires
opening a target laptop's case with a screwdriver, it leaves no trace
of intrusion and can be pulled off in just a few minutes."

"there's no easy software fix, only disabling the Thunderbolt port"


"Computers running Apple's MacOS are unaffected."

Now, I wonder why that would have been omitted?


:-)
  #3  
Old May 12th 20, 04:42 PM posted to alt.os.linux,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Arlen Holder[_8_]
external usenet poster
 
Posts: 4
Default Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")

UPDATE:
FYI: Here is an update from ZDNet for Windows & Linux users on this ng...

o *Windows*:
"Microsoft implemented kernel DMA protection in Windows 1803...
o *Linux*:
"Linux kernel 5.x and later... also include kernel DMA protection."

Details here...
o *Thunderbolt vulnerabilities can let attacker with physical access steal data*
https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/

"A Dutch researcher has detailed nine attack scenarios that work
against all computers with Thunderbolt shipped since 2011 and which
allow an attacker with physical access to quickly steal data from
encrypted drives and memory."

"The attacks work even when users follow security best practice,
such as locking an unattended computer, setting up Secure Boot,
using strong BIOS and operating system account passwords,
and enabling full disk encryption."

"The technology is vulnerable to this type of attack because the
Thunderbolt controller V a PCIe device V has DMA, which can allow
an attacker to access system memory via a connected peripheral."

"While all Thunderbolt-equipped computers are vulnerable to Thunderspy,
Intel, which develops Thunderbolt technology, says the attacks were
mitigated at the operating-system level with Kernel Direct Memory Access
(DMA) protection, but this technology is limited to computers sold
since 2019."
--
This is simply to inform you of the high-level news; for more information,
once you're aware of the news, you can click the links (for more details).
  #4  
Old May 12th 20, 05:07 PM posted to alt.os.linux,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Alan Baker[_3_]
external usenet poster
 
Posts: 4
Default Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")

On 2020-05-12 8:42 a.m., Arlen Holder wrote:
UPDATE:
FYI: Here is an update from ZDNet for Windows & Linux users on this ng...

o *Windows*:
"Microsoft implemented kernel DMA protection in Windows 1803...
o *Linux*:
"Linux kernel 5.x and later... also include kernel DMA protection."


Interesting what you omitted from that second sentence.

"Linux kernel 5.x and later and MacOS Sierra 10.12.4 and later also
include kernel DMA protection. "

I'll let others judge your motives for themselves...


Details here...
o *Thunderbolt vulnerabilities can let attacker with physical access steal data*
https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/

"A Dutch researcher has detailed nine attack scenarios that work
against all computers with Thunderbolt shipped since 2011 and which
allow an attacker with physical access to quickly steal data from
encrypted drives and memory."

"The attacks work even when users follow security best practice,
such as locking an unattended computer, setting up Secure Boot,
using strong BIOS and operating system account passwords,
and enabling full disk encryption."

"The technology is vulnerable to this type of attack because the
Thunderbolt controller ¡V a PCIe device ¡V has DMA, which can allow
an attacker to access system memory via a connected peripheral."

"While all Thunderbolt-equipped computers are vulnerable to Thunderspy,
Intel, which develops Thunderbolt technology, says the attacks were
mitigated at the operating-system level with Kernel Direct Memory Access
(DMA) protection, but this technology is limited to computers sold
since 2019."


  #5  
Old May 12th 20, 10:33 PM posted to alt.os.linux,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Arlen Holder
external usenet poster
 
Posts: 2
Default Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")

In response to what Alan Baker wrote :

and MacOS Sierra 10.12.4 and later also
include kernel DMA protection. "


HINT for the utterly moronic & clearly psychopathic stalker, Alan Baker...
o This isn't a Mac newsgroup.

For the Mac, please see:
o FYI... Thunderbolt, thunderspy, & thunderclap flaws...PSA
https://groups.google.com/forum/#!topic/comp.sys.mac.system/frJ5TgTZr4c

I'll let others judge your motives for themselves...


Psychopathic morons like Alan Baker and Snit can't process basic facts...
o They ascribe conspiracies to everything they can't themselves comprehend.
--
What makes them scary is not so much that they're utterly unable to process
facts, but that they're clearly petrifyingly scary psychopathic stalkers.
  #6  
Old May 12th 20, 10:53 PM posted to alt.os.linux,alt.comp.os.windows-10,microsoft.public.windowsxp.general
Alan Baker[_3_]
external usenet poster
 
Posts: 4
Default Thunderspy: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking (aka "evil maid attack")

On 2020-05-12 2:33 p.m., Arlen Holder wrote:
In response to what Alan Baker wrote :

and MacOS Sierra 10.12.4 and later also include kernel DMA protection. "


HINT for the utterly moronic & clearly psychopathic stalker, Alan Baker...
o This isn't a Mac newsgroup.


And yet that doesn't stop you from posting all kinds of other stuff, Liar.


For the Mac, please see:
o FYI... Thunderbolt, thunderspy, & thunderclap flaws...PSA
https://groups.google.com/forum/#!topic/comp.sys.mac.system/frJ5TgTZr4c

I'll let others judge your motives for themselves...


Psychopathic morons like Alan Baker and Snit can't process basic facts...
o They ascribe conspiracies to everything they can't themselves comprehend.


What "conspiracy", Liar?

Do you know what that word means?
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 04:11 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright 2004-2020 PCbanter.
The comments are property of their posters.