ESET Releases Advice on Protecting Against Thunderspy

Practical steps to defend against the attack vendor Thunderspy, a series of vulnerabilities in the Thunderbolt technology, have been published today by ESET.

Thunderbolt is an interface for allowing high-speed connections between computers and peripherals. Using Thunderspy, attackers potentially change or even remove the security measures of the Thunderbolt interface on a target computer, enabling them to steal data from it.

Despite being first uncovered by Björn Ruytenberg, a computer security researcher, in May 2020, more insights are needed into Thunderspy, with Thunderbolt-based attacks rare and highly targeted in nature.

Aryeh Goretsky, ESET distinguished researcher noted: “While Ruytenberg’s research has received publicity because of its novel attack vector, not much has been said about how to protect against Thunderspy, or even determine whether you have been a victim.”

Goretsky explained that Thunderbolt-based attacks are generally limited to high profile targets such as business executives, engineers or administrative personnel because they are difficult to conduct; it either requires cloning identities of Thunderbolt devices that are already trusted and allowed by the computer, or even the permanent disablement of Thunderbolt security.

Both of these methods require in-person access to the target computer as well as the tools to disassemble the computer, attach a logic programmer, read the firmware from the SPI flash ROM chip, disassemble and modify its instructions, and write it back to the chip.

To effectively protect against Thunderspy, Goretsky recommends: “First, prevent any unauthorized access to your computer. Second, secure all your computer’s relevant interfaces and ports, such as USB-C. Be ..

Support the originator by clicking the read the rest link below.