Quote:Last month, we saw a team of researchers uncover a security flaw baked into Microsoft Teams that used GIFs to gain access to a user's data. Now, a security researcher, Björn Ruytenberg, has uncovered a vulnerability dubbed 'Thunderspy' in the ubiquitous Intel Thunderbolt port. It allows a hacker with brief physical access to the device the ability to access the target's data.
Although Thunderspy requires physical access to the device itself, it is possible even if the device is locked, encrypted, or set to sleep. Here's a video of Ruytenberg demonstrating the entire procedure in five minutes.
Intel has responded to the report by stating that operating systems in 2019, including Windows 10 1803 RS4 and later, Linux kernel 5.x and later, and MacOS 10.12.4 and later, have implemented Kernel Direct Memory Access (DMA) protection to mitigate and prevent these attacks.
Quote:The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.But according to Wired, Kernal DMA has not been universally implemented and is in fact, incompatible with Thunderbolt peripherals made before 2019.
Quote:In their testing, the Eindhoven researchers could find no Dell machines that have the Kernel DMA Protection, including those from 2019 or later, and they were only able to verify that a few HP and Lenovo models from 2019 or later use it.
Read more: https://www.neowin.net/news/thunderbolt-...in-minutes
![[-]](https://www.geeks.fyi/images/collapse.png)
