.png "back to home page")
This is why Microsoft was right. Thunderbolt is indeed a security risk. https://t.co/RjONMqGyM0 https://t.co/EpK4ImS7P6
— Arif Bacchus (@abacjourn) May 11, 2020
A newly-found vulnerability in thunderbolt ports could leave any PC built before 2019 open to hacking—even if the machine is asleep or locked. https://t.co/4E6ECCZn6v
— WIRED (@WIRED) May 11, 2020
This has been a long time coming. Today we release Thunderspy. Find full details at https://t.co/TkanJmzCk6. Thanks to @a_greenberg for reporting. #Thunderspy #Intel #Thunderbolt https://t.co/WR9hGfJCbB
— Björn Ruytenberg (@0Xiphorus) May 11, 2020
So I guess that Surface engineer was right? https://t.co/GiXaMadCpu
— Devindra Hardawar (@Devindra) May 11, 2020
The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and affects any PC manufactured before 2019. https://t.co/zwkvUoaxpP
— Backchannel (@backchnnl) May 11, 2020
Say what you will about the VGA port but it had never let us down like this. Thunderbolt, more like Thunderdolt.
— Nicolas Magand (@nicolasmagand) May 11, 2020
via @Techmeme https://t.co/hgqG1Utt9y
AMD PCs aren’t affected then.
— Brian Fagioli (@brianfagioli) May 11, 2020
"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop,"
— Ian Barwise (@z3roTrust) May 11, 2020
https://t.co/z9FybhU9cN via @wired
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking https://t.co/4SMcEjHOV0 @wired // Thunderbolt was always risky. Windows has 1st party thunderbolt because if Microsoft didn't do it then there would have been worse vulnerabilities due to uneven support by OEMs/Intel.
— Steven Sinofsky (@stevesi) May 11, 2020
I don't understand how a person can find a vulnerability with Thunderbolt, go to the trouble of making a website about it, and NOT call it Thunderstruck. Once again they've really missed a trick here.https://t.co/d4w5jwVNPK
— Joe Ressington (@JoeRessington) May 11, 2020
Dutch researcher @0Xiphorushas has detailed a new physical access technique that could let hackers break into any of millions of PCs via their Thunderbolt ports. The good news is it requires unscrewing the case briefly. The bad news is it's unpatchable. https://t.co/0K6iBhg7Vz
— Andy Greenberg (@a_greenberg) May 11, 2020
Sadly, no. Intel's Kernel DMA protection requires hardware and BIOS support that weren't shipped prior to 2019. It also requires OS support but that is much easier to fix. See https://t.co/dmbtnjUOyA for details.
— Björn Ruytenberg (@0Xiphorus) May 11, 2020
Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.
— Catalin Cimpanu (@campuscodi) May 11, 2020
This looks bad. An attacker could read your encrypted drive & contents of a RAM, even when the laptop is sleeping. All it takes is inserting a device into USB/Thunderbolt port. All macbooks are affected, even with Linuxes. Can't be fixed in software.https://t.co/MxthVjMrmb
— Paul Miller (@paulmillr) May 11, 2020
“Thunderspy [Intel exploit] enables creating arbitrary Thunderbolt device identities and cloning user-authorized Thunderbolt devices, even in the presence of Security Levels pre-boot protection and cryptographic device authentication” https://t.co/PvVoj2JjVj
— Kenn White (@kennwhite) May 11, 2020
Intel says computers that have Kernel Direct Memory Access Protection enabled are safe, but that feature is only available in some PCs sold since 2019. @0Xiphorus has released a tool to see if your computer is vulnerable here: https://t.co/uxNOrc0lDG
— Andy Greenberg (@a_greenberg) May 11, 2020
Oh, look. Some disclosure drama pic.twitter.com/iy89bidr2L
— Catalin Cimpanu (@campuscodi) May 11, 2020
"If your computer has a Thunderbolt port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep."
— Mattias Geniar (@mattiasgeniar) May 11, 2020
tl;dr: stop using computers. ¯\_(ツ)_/¯https://t.co/mT0gT0FF80
There’s a new Thunderbolt bug, check if your computer is affected (story by @Indianidle) https://t.co/zoIO78ZOj3
— TNW (@thenextweb) May 11, 2020
セキュリティ研究者によると、ロックされデータが暗号化されている場合でも、Thunderbolt搭載のPCまたはLinuxコンピューターから攻撃者がデータを盗む可能性があります。https://t.co/f2zBieAeX8
— ポル之助/古嶋誉幸 (@pornski_eros) May 11, 2020
スプセルとかで見たハッキングはいくら何でもお手軽過ぎだと思いましたが、存外できちゃうものなのかも
실제 데이터 탈취에는 400달러(약 50만원)짜리 장비가 필요하며 컴퓨터 뚜껑을 따야해서 발견한 사람은 ‘악한 가정부 공격’ 방법을 예시로 듬. 호텔에서 노트북을 따고, 재프로그래밍 -> 데이터 탈취. 탈취되어도 사용자는 그 사실을 알 수 없다고https://t.co/gyMfIo4uML
— 데드캣 (@deadcatssociety) May 11, 2020
Thunderbolt flaw allows access to a PC’s data in minutes https://t.co/uWQZ7FSBak pic.twitter.com/lTxLKN1xRq
— The Verge (@verge) May 11, 2020
Interesting research on attacking Thunderbolt via firmware attack and then a thunderbolt attack bypassing security:https://t.co/6Iy8DVt3rn
— Blenster (@blenster) May 11, 2020
This isn't a plug-and-play attack and takes some effort but it's still too "easy" to change the firmware.
alright fine, microsoft, you had a point there.https://t.co/WpsuoHIqzX
— dan seifert (@dcseifert) May 11, 2020
Ugly stop buying intel pc hacked within minutes. Time to upgrade to AMD Ryzenhttps://t.co/lnHhXo7vV7
— KaZen (@Kaz9837) May 11, 2020