Major Thunderbolt security flaw found in Macs and PCs: Should you be worried?


Source: MacWorld



Security researcher Björn Ruytenberg with the Eindhoven University of Technology recently published a report detailing a series of serious security vulnerabilities in Thunderbolt 2 and Thunderbolt 3, collectively called “Thunderspy.”

They affect every single computer with a Thunderbolt 2 or Thunderbolt 3 port, including old-style port connectors and new Type-C connectors, whether the computers are running Windows, Linux, or macOS.

How badly does this security flaw impact Mac users? Should you freak out about someone hacking into your MacBook the next time you get up from your desk to refill your coffee?

Seven Thunderspy vulnerabilities

Ruytenberg describes seven vulnerabilities in his paper. They are as follows.

Inadequate firmware verification schemes.
Weak device authentication scheme.
Use of unauthenticated device metadata.
Backwards compatibility.
Use of unauthenticated controller configurations.
SPI flash interface deficiencies.
No Thunderbolt security on Boot Camp.

===

Remote attacks that use Wi-Fi or Bluetooth, or attempt to infect your computer with software downloaded over the Internet, are vastly more common than attacks like these that require physical access to your computer.

===

Cont'd.

LINK:
https://www.macworld.com/article/3542683/major-thunderbolt-security-flaw-found-in-macs-and-pcs-should-you-be-worried.html

Discusiones sobre el mismo tema

URL de retroenlace : https://www.ictal.org/index.php?trackback/2016

Fuente de los comentarios de esta entrada