Image: Intel
Eindhoven University of Technology researcher Björn Ruytenberg has revealed that Intel’s high-speed interface, Thunderbolt, suffers from seven vulnerabilities that allow malicious users to read and copy all of a host machine’s data, even if the drives are encrypted. Although physical access is required, the attack method – which Ruytenberg has dubbed “Thunderspy” – leaves zero traces and can be exploited in as little as five minutes with a screwdriver and portable hardware.
Thunderspy comprises the following attacks, which affect all three iterations of Thunderbolt:
Inadequate firmware verification schemesWeak device authentication schemeUse of unauthenticated device metadataDowngrade attack using backwards compatibilityUse of unauthenticated controller configurationsSPI flash interface deficienciesNo Thunderbolt...
Continue reading...
