Thunderspy

Thunderspy
A logo created for the vulnerability, featuring an image of a spy
CVE identifier(s)CVE-2020-????
Date discoveredMay 2020; 4 years ago (2020-05)
Date patched2019 via Kernel DMA Protection
DiscovererBjörn Ruytenberg
Affected hardwareComputers manufactured before 2019, and some after that, having the Intel Thunderbolt 3 (and below) port.[1]
Websitethunderspy.io

Thunderspy is a type of security vulnerability, based on the Intel Thunderbolt 3 port, first reported publicly on 10 May 2020, that can result in an evil maid (i.e., attacker of an unattended device) attack gaining full access to a computer's information in about five minutes, and may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that.[1][2][3][4][5][6][7][8]

According to Björn Ruytenberg, the discoverer of the vulnerability, "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes."[1] The malicious firmware is used to clone device identities which makes classical DMA attack possible.[4]

  1. ^ a b c Greenberg, Andy (10 May 2020). "Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking - The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019". Wired. Retrieved 11 May 2020.
  2. ^ Porter, Jon (11 May 2020). "Thunderbolt flaw allows access to a PC's data in minutes - Affects all Thunderbolt-enabled PCs manufactured before 2019, and some after that". The Verge. Retrieved 11 May 2020.
  3. ^ Doffman, Zak (11 May 2020). "Intel Confirms Critical New Security Problem For Windows Users". Forbes. Retrieved 11 May 2020.
  4. ^ a b Ruytenberg, Björn (2020). "Thunderspy: When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security". Thunderspy.io. Retrieved 11 May 2020.
  5. ^ Kovacs, Eduard (11 May 2020). "Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks". SecurityWeek.com. Retrieved 11 May 2020.
  6. ^ O'Donnell, Lindsey (11 May 2020). "Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack". ThreatPost.com. Retrieved 11 May 2020.
  7. ^ Wyciślik-Wilson, Sofia (11 May 2020). "Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines". BetaNews.com. Retrieved 11 May 2020.
  8. ^ Gorey, Colm (11 May 2020). "Thunderspy: What you need to know about unpatchable flaw in older PCs". SiliconRepublic.com. Retrieved 12 May 2020.