Thunderspy Security Flaw

Hardware vulnerability discovered in Thunderbolt-connected devices.

Vendor: Microsoft

Product: Windows 10

Component: Thunderbolt 3

Date: May 2020

What's New

It has been reported that Microsoft has joined Intel in confirming a newly disclosed security vulnerability in Thunderbolt ports. It allows an attacker with physical access to a PC to modify the port's controller firmware, disabling its security.

The researchers at Eindhoven University of Technology who discovered it warn that, even if a PC is locked or suspended, uses a secure boot process, and has a strong password or disk encryption, “all an attacker needs is five minutes alone with the computer” to potentially compromise it.

Attacks like this are extremely rare because they are highly complex, but they do happen. The most likely scenario is an unattended device, for example a laptop left in a hotel room while you are out. Microsoft has confirmed the attack vector and stated “an attacker with physical access to a system can use Thunderspy to read and copy data even from systems that have encryption with password protection enabled.” The vulnerability is in hardware, and so cannot be patched.

How Does This Affect Me?

  • Thunderspy is pretty niche and will most likely be used to target high-value or sensitive information, so it puts only a very small percentage of users at risk. Nonetheless, it is a security flaw and puts devices at risk. The way to mitigate it is to use devices with Kernel DMA Protection in place, but this is limited to certain newer devices.

Mitigation

  • New computers will be automatically patched.
  • Ensure that physical access to equipment is protected.
  • Datcom will check and enable Kernel DMA Protection for all Service Desk and Security Desk customers. Reference ticket for all customers is #420049.
  • For older computers there is no mitigation route; it is likely that older computers will not be using a Thunderbolt connector.
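
As an added example (not part of the original advisory and not Datcom's own tooling), a PowerShell check that reports whether Windows shows Kernel DMA Protection as on, and what the external-device enumeration policy is set to. It assumes an English-language Windows 10 build (the msinfo32 item name is localized), and the registry path and values are the ones written by the "Enumeration policy for external devices incompatible with Kernel DMA Protection" Group Policy setting.

```powershell
# Kernel DMA Protection is a platform feature (firmware + IOMMU + Windows 10
# 1803 or later); Windows only reports it, it cannot be switched on from a
# script. This script reads the reported status and the enumeration policy.

function Get-KernelDmaProtectionStatus {
    # msinfo32 /report exports System Information as a tab-separated text
    # file (UTF-16, which Get-Content detects via the BOM). The item is named
    # 'Kernel DMA Protection' on English builds; other languages differ.
    $report = Join-Path $env:TEMP 'msinfo32-kdma.txt'
    Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$report`"" -Wait
    $line = Get-Content -Path $report |
        Where-Object { $_ -match '^Kernel DMA Protection\s+(.+)$' } |
        Select-Object -First 1
    Remove-Item -Path $report -ErrorAction SilentlyContinue
    if ($line -match '^Kernel DMA Protection\s+(.+)$') {
        return $Matches[1].Trim()     # typically 'On' or 'Off'
    }
    return 'Unknown (item not found: localized OS or build before 1803?)'
}

function Get-DmaEnumerationPolicy {
    # Value written by the Group Policy setting; absent means Not configured,
    # in which case the Windows default behaviour applies.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection'
    $value = (Get-ItemProperty -Path $key -Name DeviceEnumerationPolicy `
              -ErrorAction SilentlyContinue).DeviceEnumerationPolicy
    switch ($value) {
        0       { 'Block all (most restrictive)' }
        1       { 'Only after log in / screen unlock' }
        2       { 'Allow all (least restrictive; not recommended)' }
        default { 'Not configured (Windows default applies)' }
    }
}

# Summarise both checks so a service desk can record them against a ticket.
[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    KernelDmaProtection = Get-KernelDmaProtectionStatus
    EnumerationPolicy   = Get-DmaEnumerationPolicy
} | Format-List
```

If the status is reported as Off on hardware that supports it, the fix is in UEFI settings (IOMMU/VT-d and Thunderbolt security level), not in Windows; msinfo32 can take a minute to generate the report.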
