Thunderspy: What it is, why it’s not scary, and what to do about it

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/information-technology/2020/05/thunderspy-what-is-is-why-its-not-scary-and-what-to-do-about-it/

By Dan Goodin
Ars Technica
May 12, 2020

There’s a new attack that uses off-the-shelf equipment to take full control of 
a PC—even when locked—if a hacker gets just a few minutes alone with it. The 
vector is a familiar one: the Thunderbolt ultrafast interface connects graphics 
cards, storage systems, and other peripherals to millions of computers.

The hack, which took years to develop, is elegant. Its adept mix of 
cryptanalysis, reverse engineering, and exploit development punches a major 
hole in defenses that Thunderbolt creator Intel spent considerable time and 
resources to erect. Ultimately, though, the technique is an incremental advance 
in an attack that has existed for more than a decade. While the weakness it 
exploits is real and should be closed, the vast majority of people—think 99 
percent—shouldn’t worry about it. More about that later. For now, here are the 
bare-bones details.


Accessing Memory Lane

Thunderspy, as its creator Björn Ruytenberg has named the attack, in most cases 
requires the attacker to remove the screws from the computer casing. 
> From there, the attacker locates the Thunderbolt chip and connects a clip, 
which in turn is connected to a series of commodity components—priced about 
$600—which is connected to an attacker laptop. These devices analyze the 
current Thunderbolt firmware and then reflash it with a version that’s largely 
the same except that it disables any of the Intel-developed security features 
that are turned on.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_