Dutch researcher @0Xiphorushas has detailed a new physical access technique that could let hackers break into any of millions of PCs via their Thunderbolt ports. The good news is it requires unscrewing the case briefly. The bad news is it's unpatchable.https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/ …
-
Show this thread
-
-
Intel says computers that have Kernel Direct Memory Access Protection enabled are safe, but that feature is only available in some PCs sold since 2019.
@0Xiphorus has released a tool to see if your computer is vulnerable here: https://thunderspy.io/1 reply 21 retweets 47 likesShow this thread -
Replying to @a_greenberg @0Xiphorus
The Intel blog post indicates that it's the *operating system* being newer than from 2019 that protects against attack. Not the PC being from 2019 or newer. https://blogs.intel.com/technology/2020/05/more-information-on-thunderspy … So basically any up-to-date computer isn't at risk?
1 reply 1 retweet 2 likes -
Replying to @wdormann @a_greenberg
Sadly, no. Intel's Kernel DMA protection requires hardware and BIOS support that weren't shipped prior to 2019. It also requires OS support but that is much easier to fix. See https://thunderspy.io/#kernel-dma-protection … for details.
2 replies 4 retweets 11 likes -
In-market systems;[..]will not support Kernel DMA Protection for Thunderbolt™ 3 after upgrading to Windows 10 version 1803, as this feature requires the BIOS/platform firmware changes and guarantees that cannot be backported to previously released deviceshttps://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt …
1 reply 4 retweets 6 likes
On one hand, I'd say that the Intel blog post is specifically worded to imply that up-to-date systems are fine. Hardware reqs are glossed over. On the other hand, yeah, if you allow physical access to a powered-on computer, don't be surprised by evil. https://www.kb.cert.org/vuls/id/789985/ pic.twitter.com/tdGY4pAmNb
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.