Thunderspy Vulnerability Hits Linux
There's a new vulnerability in town, this time it's centered around the Thunderbolt 3 standard and makes it possible for a hacker, with physical access to a computer, to copy data, even if said data is encrypted and the computer is locked.
The vulnerability, named Thunderspy, affects all systems with Thunderbolt ports shipped between 2011 and 2020. The one exception is any system system shipped since 2019, with Kernel DMA Protection enabled, is partially immune to the vulnerability.
Thunderspy is a stealth attack, which means it leaves behind absolutely no trace. To make this even more dangerous, no phishing or social engineering is required to succeed with the hack, and it can be accomplished in under five minutes. To enact the Thunderspy attack, Björn Ruytenberg (the researcher who discovered the vulnerability), says, “all the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop.”
Jerry Bryant, director of security communication for the Intel Platform Assurance and Security group says of Thunderspy, "While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled."
Admins wanting to check their systems can download either Spycheck for Windows or Spycheck for Linux, to test if a computer is at risk.
Original source: https://thunderspy.io/