SoylentNews is people
SoylentNews
from the phsyical-access-==-you-lose,-eventually dept.
Thunderspy, as its creator Björn Ruytenberg has named the attack, in most cases requires the attacker to remove the screws from the computer casing. From there, the attacker locates the Thunderbolt chip and connects a clip, which in turn is connected to a series of commodity components—priced about $600—which is connected to an attacker laptop. These devices analyze the current Thunderbolt firmware and then reflash it with a version that's largely the same except that it disables any of the Intel-developed security features that are turned on.
[...] "There are seriously tons and tons of things you can do to a PC once you open the case," says Hector Martin, an independent security researcher with extensive experience in hacking or reverse-engineering the Nintendo Wii, several generations of the Sony PlayStation, and other devices with strong defenses against physical attacks. "The evil maid threat model is interesting when you restrict it to plugging things into ports, because that can be done very quickly when e.g. the target is just looking away."
[...] Readers who are left wondering how big a threat Thunderspy poses should remember that the high bar of this attack makes it highly unlikely it will ever be actively used in real-world settings, except, perhaps, for the highest-value targets coveted by secretive spy agencies. Whichever camp has a better case, nothing will change that reality.
Previously: https://soylentnews.org/article.pl?sid=20/05/11/1721247
(Score: 4, Funny) by Anonymous Coward on Thursday May 14 2020, @10:30PM (2 children)
Found the oxymoron!
(Score: 2) by takyon on Thursday May 14 2020, @10:47PM
No maid would be that evil.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by driverless on Friday May 15 2020, @03:51AM
Gee, you shouldn't oughta said that, Doc.
Yeah, leave Conn...Intel alone. He does the best he can.