Thunderbolt 3

[salde]

Με αφορμή την απόφαση της Microsoft να μην βάλει Thunderbolt 3 στο νέο της φορητό SurfaceBook 3 βγήκαν στην επιφάνεια κάποια θέματα και διχογνωμίες σχετικά με την ασφάλεια του Thunderbolt 3, του τρόπου που αλληλεπιδρά με τα Windows και στην πορεία βγήκε ότι αφορά και συστήματα με Linux.

Πρώτα υπήρξε μια διαρροή ότι η επιλογή της Microsoft έγινε για λόγους ασφάλειας.
https://twitter.com/h0x0d/status/1253917701719769088
Η εξήγηση αμφισβητήθηκε ως προς τα κίνητρά της, αν έγινε από ειλικρινές ενδιαφέρον για την ασφάλεια ή για άλλους λόγους.
https://www.notebookcheck.net/Microsoft-Surface-Security-concerns-responsible-for-the-lack-of-Thunderbolt-upgradable-RAM-allegedly.463006.0.html
 

 

«In a leaked presentation about the Microsoft Surface Laptop 3, a Microsoft spokesperson explains that Microsoft omitted Thunderbolt 3 out of security concerns. According to him, the port grants direct memory-access, which is a security liability that Microsoft wanted avoid. Security concerns are also the reason why the Surface Laptop 3 lacks upgradable RAM, as someone could freeze the removable RAM stick to read out private data.

Of course, without an official confirmation from Microsoft, this should be taken with a grain of salt.»

Μετά βγήκε στο Wired από έναν ειδικό ασφαλείας πως κάθε υπολογιστής κατασκευασμένος πριν το 2019 μπορεί να βρεθεί σε κίνδυνο από ένα hack που ονόμασε Thunderspy.

«Now a new piece of research from security specialist Björn Ruytenberg has revealed that any Windows or Linux PC made before 2019 is vulnerable to the “evil maid” hack that he is calling “Thunderspy”. It requires gear worth around US$400 but it can bypass the login screen of a sleeping or locked computer and access all the data on its drive -- even if it is encrypted. The exploit won’t work in macOS but will on a Mac running Windows in Boot Camp.»

Η λύση που προτείνεται:
«If you intend to use Thunderbolt connectivity, we strongly recommend to: Connect only your own Thunderbolt peripherals; never lend them to anybody; avoid leaving your system unattended while powered on, even when screenlocked; avoid leaving your Thunderbolt peripherals unattended; ensure appropriate physical security when storing your system and any Thunderbolt devices, including Thunderbolt-powered displays; consider using hibernation (Suspend-to-Disk) or powering off the system completely. Specifically, avoid using sleep mode (Suspend-to-RAM).»

«Wired, in breaking the story, noted that Intel’s new Kernel DMA Protection feature [built following advice of the hack three months ago] needs to be enabled to protect against the attack. However, the response from OEMs varied as to whether is enabled by default on their machines. Even then, Ruytenberg advised that Intel will need to make yet another silicon level fix to completely eliminate the attack.

Intel’s response to Wired reads: "For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.»

https://www.notebookcheck.net/Microsoft-might-have-been-right-to-skip-Thunderbolt-3-again-on-the-new-Surface-Book-3.464769.0.html

https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/