All Computers with a Thunderbolt Interface Can Be Cracked Within 5 Minutes
Thunderspy PoC demo 1: Unlocking Windows PC in 5 minutes
In Hollywood movies, no matter how strong a computer's encryption is, a hacker can copy everything on it in just a few minutes, which seems unrealistic. If my computer has a complex system password, is locked, and uses BIOS encryption and full-disk encryption, can hackers still easily steal my files at such a high security level? It is indeed possible now, because of a vulnerability called Thunderspy. It lies in the Thunderbolt interface found on high-end computers. It is generally called "Thunderbolt", which is also Apple's official name for it.
Ruytenberg, a security researcher at the Eindhoven University of Technology in the Netherlands, discovered that all computers with a Thunderbolt interface have this vulnerability, and that it is a hardware-level vulnerability that can be exploited with only a few hundred dollars of equipment. Once you leave your computer for a few minutes, hackers can bypass the system password as in the movies, read your hard disk data at will, and tamper with the system. Three months ago, Ruytenberg reported this vulnerability to Intel, and Intel officially confirmed it. The most worrying thing is that these vulnerabilities cannot be fixed by software updates and can only be completely resolved by redesigning the hardware in the future. Intel can only say that it will continue to improve the security of Thunderbolt technology.
Ruytenberg, who discovered the vulnerability, posted a video on YouTube showing how the attack is carried out. In the video, he removes the back cover of a ThinkPad notebook and connects an SPI programmer to the pins of the Thunderbolt controller on the motherboard with an SOP8 programming clip.
It then takes him only 2 minutes to rewrite the firmware of the Thunderbolt controller, bypassing the password and disabling the security settings. After this operation, the hacker can rewrite the operating system by plugging in a Thunderbolt device; even a fully encrypted computer is not a problem. The whole process takes only about five minutes.
In other words, if you leave your desk for just a few minutes, a hacker can modify your computer in that short time and then restore it to its original state without you knowing it. Ruytenberg's equipment for breaking into the computer cost only $400 and is still fairly bulky, but he said that "a certain three-letter department" could miniaturize the device to make the attack more concealed, and the cost would rise to $10,000.
The root of this vulnerability is the long-standing security issue of direct memory access (DMA) on the Thunderbolt interface. Thunderbolt DMA allows external devices to read and write memory directly without CPU intervention, which is convenient for high-speed devices such as external graphics cards but also brings hidden security risks.
In addition to the method above, which requires opening the notebook, the Thunderspy attack has a variant that does not require physical intrusion, but it requires access to a Thunderbolt peripheral that the user has plugged into the computer at some point. A Thunderbolt device set to "trusted" by the computer contains a 64-bit code, and Ruytenberg found that he could read that code and copy it to another gadget.
In this way, he can bypass the lock screen of the target device without even opening the computer case. However, this non-intrusive Thunderspy attack is only effective if the security of the Thunderbolt interface is set to the default setting that allows trusted devices. Ruytenberg said that the only way for users to completely prevent such attacks is to disable the computer's Thunderbolt interface in the BIOS. If you must use the Thunderbolt interface, do not lend your computer or Thunderbolt peripherals to others, and power the computer off when it is unattended.
Is your device safe?
First, determine whether your computer has a Thunderbolt interface. Thunderbolt 1 and 2 share the Mini DisplayPort connector, Thunderbolt 3 shares the USB-C connector, and a port that supports the Thunderbolt standard also has a lightning-bolt logo next to it.
Ruytenberg has released a tool called Spycheck on the Thunderspy website, which allows users to verify whether their computers are vulnerable to attack. You can obtain it from the official website. Both Windows and Linux computers are affected by this vulnerability. Since 2019, some devices have provided kernel DMA protection, which mitigates some (but not all) of the Thunderspy vulnerabilities. It is currently supported only on a few high-end notebooks from HP and Lenovo.
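On Linux, the two settings this section depends on, the Thunderbolt security level and kernel DMA protection, can be read from sysfs. The following Python script is an added example, not Spycheck and not code from the original article; the function names and the sample directory tree are constructed for illustration, and the level descriptions are summarized from the Linux kernel's Thunderbolt documentation.

```python
import tempfile
from pathlib import Path

# Linux exposes each Thunderbolt controller as a "domainN" directory in sysfs.
SYSFS_TB = Path("/sys/bus/thunderbolt/devices")

# Security levels reported by the kernel, summarized (added descriptions).
LEVELS = {
    "none": "devices are connected without any authorization",
    "user": "user approves each device, identified by its stored ID",
    "secure": "approved devices must also answer a key challenge",
    "dponly": "no PCIe tunneling (DisplayPort/USB only)",
    "usbonly": "dock USB controller and DisplayPort only, no PCIe",
    "nopcie": "PCIe tunneling disabled",
}

def read_attr(path):
    """Return a stripped sysfs attribute, or None if the kernel lacks it."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def assess(root=SYSFS_TB):
    """Return {domain: (security_level, kernel_dma_protection_or_None)}."""
    report = {}
    for dom in sorted(Path(root).glob("domain*")):
        level = read_attr(dom / "security") or "unknown"
        dma = read_attr(dom / "iommu_dma_protection")
        report[dom.name] = (level, None if dma is None else dma == "1")
    return report

def make_sample_tree():
    """Constructed sysfs layout, for machines without a Thunderbolt port."""
    root = Path(tempfile.mkdtemp())
    for name, level, dma in (("domain0", "user", "0"), ("domain1", "secure", "1")):
        (root / name).mkdir()
        (root / name / "security").write_text(level + "\n")
        (root / name / "iommu_dma_protection").write_text(dma + "\n")
    return root

if __name__ == "__main__":
    found = assess()
    if not found:
        print("no Thunderbolt domain in sysfs; showing constructed sample")
        found = assess(make_sample_tree())
    for name, (level, dma) in found.items():
        state = {True: "on", False: "off", None: "not reported"}[dma]
        print(f"{name}: security={level} ({LEVELS.get(level, 'not recognized')}); kernel DMA protection {state}")
```

A result of "user" with kernel DMA protection off corresponds to the default trusted-device setting described above. An empty result means no Thunderbolt controller is visible to the kernel, for example because the port is disabled in the BIOS.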
Apple was one of the earliest manufacturers to adopt the Thunderbolt interface and has provided it since 2011. But researchers say that macOS is only "partially affected." If your Mac runs Windows with Boot Camp, however, it is still vulnerable. Because Thunderspy is a hardware vulnerability, Intel will not provide any measures to address it other than kernel DMA protection, nor will it issue any public security bulletins to notify the public. The Thunderbolt 3 standard will be integrated into the recently formulated USB 4 standard, so Thunderspy will also have a profound impact on future USB 4 chip design.
Microsoft may be the biggest winner
Although Windows is affected by the Thunderspy vulnerability, Microsoft's own hardware is the winner in this vulnerability crisis. High-end notebooks on the market, including those from Lenovo, Dell, and HP, all have Thunderbolt ports, while Microsoft's Surface series refused to add Thunderbolt ports until this year, for which it has been criticized by users. The reason Microsoft gave is that DMA is insecure and it was worried about security issues, so it has always provided high-speed data transmission through its own Surface Connector.
However, the Surface Connector docking station is very expensive, and users have also regarded the lack of a Thunderbolt interface as a pretext for selling high-priced accessories. Now that the predictions have been confirmed, will you still support Microsoft without Thunderbolt?