Thunderspy Security Flaw

Hardware vulnerability discovered in Thunderbolt connected devices.

Vendor: Microsoft

Product: Windows 10

Component: Thunderbolt 3

Date: May 2020

What's New

Microsoft has joined Intel in confirming a newly reported security vulnerability, known as Thunderspy, in Thunderbolt ports. It allows an attacker with physical access to a PC to rewrite the Thunderbolt controller's firmware and disable the security levels that are supposed to restrict untrusted devices.

The researchers at Eindhoven University of Technology who discovered it warn that locking or suspending the PC, Secure Boot, a strong password and disk encryption do not help: "all an attacker needs is five minutes alone with the computer" to potentially compromise it.

Attacks like this are rare because they are complex and require hands-on access, but they do happen. The typical scenario is an unattended laptop, for example left in a hotel room while you are out. Microsoft has confirmed the attack vector, stating that "an attacker with physical access to a system can use Thunderspy to read and copy data even from systems that have encryption with password protection enabled." The flaw lies in the Thunderbolt controller hardware and cannot be fixed by a software patch; it can only be mitigated.

How Does This Affect Me?

  • Thunderspy is a niche, targeted attack and will most likely be used against high-value or sensitive information, so only a very small percentage of users are at real risk. Nonetheless, it is a genuine security flaw and puts devices at risk. The mitigation is Kernel DMA Protection, which uses the IOMMU to block direct memory access from Thunderbolt devices that have not been authorised, but it is only available on newer devices (Windows 10 version 1803 or later on hardware whose firmware supports it).

Mitigation

  • Newer computers (shipped since 2019) with Kernel DMA Protection enabled are protected against Thunderspy's DMA attacks. This is a firmware and operating system feature, not a patch that older machines will receive.
  • Ensure that physical access to equipment is controlled. A locked screen or sleep (suspend-to-RAM) does not stop this attack, so treat an unattended, powered-on device as exposed; hibernate or fully power off when leaving a device, so that encryption keys are not held in memory.
  • Datcom will check and enable Kernel DMA Protection, where the hardware and firmware support it, for all Service Desk and Security Desk customers. Reference ticket for all customers is #420049.
  • For older computers that lack Kernel DMA Protection there is no software fix. If Thunderbolt is not needed, disable the Thunderbolt controller in the UEFI/BIOS setup; otherwise rely on physical security. In practice most older computers will not have a Thunderbolt connector.
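One way to gather the indicators that decide whether Kernel DMA Protection can be in effect on a Windows 10 host, as an added PowerShell example (not part of the original advisory and not a Datcom tool). The authoritative "Kernel DMA Protection: On/Off" line is the one shown by System Information (msinfo32); this script reports the OS build, the platform's DMA protection capability from the Device Guard CIM class, the Kernel DMA Protection enumeration policy in the registry, and any Thunderbolt devices present. The registry path and the device-name match are assumptions noted in the comments.

```powershell
# Added example: report the Kernel DMA Protection indicators on a Windows 10 host.
# Run in an elevated PowerShell session. msinfo32 remains the authoritative view.

function Get-KernelDmaProtectionStatus {
    [CmdletBinding()]
    param()

    # Kernel DMA Protection was introduced in Windows 10 version 1803 (build 17134).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    $osSupported = $build -ge 17134

    # Win32_DeviceGuard.AvailableSecurityProperties: value 3 means the platform
    # reports DMA protection (an IOMMU such as Intel VT-d) as available.
    # This is a prerequisite, not proof that Kernel DMA Protection is "On".
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    $iommuAvailable = @($dg.AvailableSecurityProperties) -contains 3

    # Group Policy "Enumeration policy for external devices incompatible with
    # Kernel DMA Protection". Assumed registry location for that policy:
    #   0 = block all, 1 = only after log in / screen unlock (documented default),
    #   2 = allow all (weakest).
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection'
    $policy = Get-ItemProperty -Path $policyPath -Name DeviceEnumerationPolicy `
                               -ErrorAction SilentlyContinue
    $enumPolicy = if ($null -ne $policy) { $policy.DeviceEnumerationPolicy }
                  else { 'not configured (default: 1, only after unlock)' }

    # Heuristic (assumption): any present device whose friendly name mentions
    # Thunderbolt indicates a Thunderbolt controller or attached peripheral.
    $tbDevices = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.FriendlyName -match 'Thunderbolt' } |
                 ForEach-Object { $_.FriendlyName }

    [pscustomobject]@{
        OSBuild                 = $build
        OSSupportsKernelDma     = $osSupported
        IommuDmaProtection      = $iommuAvailable
        DeviceEnumerationPolicy = $enumPolicy
        ThunderboltDevices      = @($tbDevices)
        LikelyProtected         = ($osSupported -and $iommuAvailable -and $enumPolicy -ne 2)
    }
}

Get-KernelDmaProtectionStatus | Format-List
```

A result of `LikelyProtected = False` on a machine with Thunderbolt devices listed is the case to escalate: either the OS is too old, the firmware does not expose an IOMMU to Windows, or the enumeration policy has been relaxed to "allow all". Confirm the final state against the Kernel DMA Protection line in msinfo32 before closing the check.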
