Did Intel fix a critical security issue or not?
12 May 2020
By Horst Buchwald
Is my notebook really safe in this hotel safe? A question that has often been asked on the many journeys around the world. And what is it like in the office, in my apartment, when I’m on the road, in short: when access is possible without me noticing? Most hotel safes can be cracked, but I had my notebook set up by a security expert. Any attacker will break his teeth on it. Examples? Here they are: secure boot, strong BIOS and operating system account passwords, and full hard disk encryption enabled.
And then I read this:
Intel has confirmed a newly discovered vulnerability, the so-called “Thunderspy” vulnerability. To use it, all you need is physical access to the notebook, a screwdriver and five minutes. If these requirements are met, the attacker can “read and copy all your data, even if your drive is encrypted and your computer is locked or hibernated”. So much for a text recently published in “Forbes”. I wanted to know more. This is what came up:
Security researchers working with Björn Ruytenberg (Eindhoven University of Technology) discovered the vulnerability and determined that all computers with Thunderbolt ports are affected. After Ruytenberg reported it to Intel, access to Kernel Direct Memory Access (DMA) is said to have been disabled on newer machines. This means that all modern operating systems are now protected against the Thunderspy attack. This refers to Windows 10 from 1803 RS4 on, Linux from kernel 5.x on and macOS from version 10.12.4 on.
“For all systems,” Intel continues, “we recommend following standard security practices, including using only trusted peripherals and preventing unauthorized physical access to computers.”
These recommendations are not false, but are they realistic? It takes time and expertise to implement them. Neither business leaders nor government officials can determine whether this printer or charger is safe. If you’re involved in important negotiations or have to give a presentation, you concentrate on your task and security always falls by the wayside. The “enemies” act with this knowledge in mind.
They also know that many PCs do not use Kernel Direct Memory Access Protection, the feature that closes the gap. According to “Wired”, these are computers from Dell and also some laptops from HP and Lenovo.
Do you feel “safe” now? Very probably not. However, you can find out by using what is offered on this site: https://thunderspy.io/#affected-apple-systems
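On a Linux notebook, whether the Kernel DMA Protection mentioned above is actually in use can also be read straight from the kernel's Thunderbolt sysfs attributes. The following function is an added example, not code from the article or from the Thunderspy project; the optional directory argument is an assumption introduced here so it can be run against a constructed tree.

```shell
#!/bin/sh
# Added example: report the DMA-protection state of each Thunderbolt
# controller domain known to the Linux kernel.
#
# Attributes read (Linux thunderbolt driver, sysfs):
#   security              - Thunderbolt security level (none, user, secure, ...)
#   iommu_dma_protection  - 1 if the IOMMU is used for DMA protection,
#                           0 if protection relies on the security level only
#
# Usage: tb_dma_report            (live system)
#        tb_dma_report /some/dir  (assumed test hook: alternative sysfs root)
# Exit status: 0 = every domain protected, 1 = at least one domain not
# protected or unknown, 2 = no Thunderbolt domain found.
tb_dma_report() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    found=0
    status=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue
        found=1
        level="unknown"
        if [ -r "$dom/security" ]; then
            level=$(cat "$dom/security")
        fi
        if [ -r "$dom/iommu_dma_protection" ]; then
            iommu=$(cat "$dom/iommu_dma_protection")
        else
            iommu="absent"   # attribute not exposed by this kernel
        fi
        case "$iommu" in
            1) verdict="PROTECTED" ;;
            0) verdict="NOT_PROTECTED"; status=1 ;;
            *) verdict="UNKNOWN"; status=1 ;;
        esac
        printf '%s security=%s iommu_dma_protection=%s %s\n' \
            "$(basename "$dom")" "$level" "$iommu" "$verdict"
    done
    if [ "$found" -eq 0 ]; then
        printf 'no-thunderbolt-domains\n'
        return 2
    fi
    return "$status"
}
```

A `NOT_PROTECTED` or `UNKNOWN` line means the machine depends on the Thunderbolt security level alone, so physical access to the port remains the thing to control.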