Thunderbolt; You pressed it Intel raises its hands

Last Sunday, security researcher Björn Ruytenberg from Eindhoven University published the vulnerabilities he discovered at the doors by Intel.

And then the bags of Aeolus were opened…

Thunderbolt

The vulnerability affects millions of electronic systems, as Eindhoven University research reports that if one managed to gain access to a machine for as little as five minutes, he could bypass all login methods to gain full access to the victim's data.

Thunderbolt ports are available on machines running Windows, Linux and macOS. Ruytenberg said all versions of Thunderbolt technology released between 2011 and 2020 are affected. Worst of all, the vulnerability cannot be fixed with any updates. THE Intel will have to redesign the technology to correct these defects.

So you can't do too much. However, with the open source software Thunderspy, developed by Ruytenberg and his team, you can check if you are affected by Thunderbolts.

These tools are available for Windows and Linux systems. Currently there is none tool for macOS users.

How to control your computer:

Windows

From official page of Thunderspy Click on "Thunderspy for Windows" to download the tool.
Open the Zip and put the application where you want. Double-click the Spycheck icon to run the tool.
Select the language and accept the GPLv3 open-soruce license.
The Thunderspy tool will then try to locate the Thunderbolt controller on your system. During the process, the tool may ask you to install some additional drivers or enter power saving mode.
After checking your system, the Thunderspy tool will give you a summary of the analysis. You can click on "Report" for a more detailed report.

Linux

From the official Thunderspy page click on "Thunderspy for Linux" to download the tool.
Open a terminal in the folder that contains the tool and run sudo python3 spycheck.py.
You must have root privileges to run the command.
After you run the command, Spycheck will show you a detailed report. You can export the report in JSON format using the command "-o onoma-arxeiou.json"

There is nothing you can do to fix these vulnerabilities. This way you should not use unknown Thunderbolt devices or leave your computer alone without watching it in public. Turn your system off or on when you move away from it instead of putting it in sleep mode.

If you are an advanced user or want to contribute to the Thunderspy tool, you can check its password in GitHub. You can read Ruytenberg's full research from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).