Announcement

Collapse
No announcement yet.

Thunderspy Is A New Vulnerability Affecting Thunderbolt Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Thunderspy Is A New Vulnerability Affecting Thunderbolt Security

    Phoronix: Thunderspy Is A New Vulnerability Affecting Thunderbolt Security

    Thunderspy is a class of seven vulnerabilities found within Intel's Thunderbolt 3 hardware and the researchers having found nine realistic scenarios for exploiting these Thunderbolt issues across platforms...

    http://www.phoronix.com/scan.php?pag...-Vulnerability

  • #2
    Their website is a little weird. On the one hand, they want us all to download their random python script and give it root privileges to check and see if our machines are vulnerable. On the other hand, they "strongly recommend" that we turn off the thunderbolt ports in bios/uefi, as if there's a spy around every corner with a malicious device they are going to try to plug in the moment we turn our backs.

    Comment


    • #3
      Indeed!
      All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.
      If this is the criteria, there are many attack vectors.

      Comment


      • #4
        I'm sure we can trust them and their hardware profiling mechanism will be secure and won't be spying on us. They're trustworthy for sure. They gave our money back for stealing half of our CPUs performance. Oh, wait.. it's a different fairy tale.

        Comment


        • #5
          And yet another thing to add to the list of reasons of why I'm building an AMD 3300X based system.

          Veto So we're changing from a wrench to a screwdriver?


          Comment


          • #6
            I have a feeling this is only humble beginning of firmware-ridden Intel Thunderbolt fiasco.

            Comment


            • #7
              Ah, so this is why they made it royalty-free.

              Comment


              • #8
                Some of you guys are funny, going on about "Intel" and "bugs"- yet save one poster, nobody's batting an eye at "'All' you need is 5 minutes alone with the laptop"? Get real, if someone's got 5 mins alone with your laptop and has malicious intent, you're far more likely to just have the damn thing stolen- and if you're the target of an entity that wants to get at your data that badly and have you not notice, 1- they'd probably go for something more insidious, like a BIOS/EFI hack and 2- you've got FAR bigger problems than the contents of your laptop.

                Comment


                • #9
                  Originally posted by kcrudup View Post
                  Some of you guys are funny, going on about "Intel" and "bugs"- yet save one poster, nobody's batting an eye at "'All' you need is 5 minutes alone with the laptop"? Get real, if someone's got 5 mins alone with your laptop and has malicious intent, you're far more likely to just have the damn thing stolen- and if you're the target of an entity that wants to get at your data that badly and have you not notice, 1- they'd probably go for something more insidious, like a BIOS/EFI hack and 2- you've got FAR bigger problems than the contents of your laptop.
                  Sure, but Intel is making it easier to exploit other vulnerabilities, and one could use this one as a gateway. Ever heard about layered security?

                  Comment


                  • #10
                    Originally posted by angrypie View Post
                    Ever heard about layered security?
                    If they're in my device's guts, there's a lot worse things they could do than this, probably with more effect.

                    Comment

                    Working...
                    X