Ruytenberg added that there is actually a feature built into the Thunderbolt firmware called “Security Level”, which disallows access to untrusted devices and even turns off the port altogether. However, he explained that the Thunderspy approach is able to alter the firmware setting of the port’s control chip, thus allowing any device to access the PC without leaving any traces.
Fortunately, this vulnerability is something that everyday users shouldn’t be concerned with. Apart from requiring physical connectivity to fully exploit this security flaw, Ruytenberg said that this procedure will also require around US$400 (RM1,730) worth of hardware. So unless you’re a high value target, it’s very unlikely that someone would go through such lengths just to access your PC or laptop with this Thunderbolt vulnerability.
No comments:
Post a Comment