Thunderspy

A logo created for the vulnerability, featuring an image of a spy

CVE identifier(s): CVE-2020-????
Date discovered: May 2020
Date patched: 2019 via Kernel DMA Protection
Discoverer: Björn Ruytenberg
Affected hardware: Computers manufactured before 2019, and some after that, having the Intel Thunderbolt 3 (and below) port.
Website: thunderspy.io

Thunderspy is a type of security vulnerability, based on the Intel Thunderbolt 3 port, first reported publicly on 10 May 2020, that can result in an evil maid (i.e., attacker of an unattended device) attack gaining full access to a computer's information in about five minutes, and may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that. According to Björn Ruytenberg, the discoverer of the vulnerability, "All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes." The malicious firmware is used to clone device identities, which makes a classical DMA attack possible.

History

The Thunderspy security vulnerabilities were first publicly reported by Björn Ruytenberg of Eindhoven University of Technology in the Netherlands on 10 May 2020. Thunderspy is similar to Thunderclap, another security vulnerability, reported in 2019, that also involves access to computer files through the Thunderbolt port.

Impact

The security vulnerability affects millions of Apple, Linux and Windows computers, as well as all computers manufactured before 2019, and some after that. However, this impact is limited mainly by how precise a bad actor would have to be to execute the attack. Physical access to a machine with a vulnerable Thunderbolt controller is necessary, as well as a writable ROM chip for the Thunderbolt controller's firmware. Additionally, part of Thunderspy, specifically the portion involving re-writing the firmware of the controller, requires the device to be in sleep, or at least in some sort of powered-on state, to be effective. Machines that force power-off when the case is open may assist in resisting this attack to the extent that the feature (switch) itself resists tampering.

Due to the nature of attacks that require extended physical access to hardware, it's unlikely the attack will affect users outside of a business or government environment.

Mitigation

The researchers claim there is no easy software solution, and that the vulnerability may only be mitigated by disabling the Thunderbolt port altogether. However, the impacts of this attack (reading kernel-level memory without the machine needing to be powered off) are largely mitigated by anti-intrusion features provided by many business machines. Intel claims enabling such features would substantially restrict the effectiveness of the attack. Microsoft's official security guidance recommends disabling sleep mode while using BitLocker. Using hibernation in place of sleep mode turns the device off, mitigating potential risks of attack on encrypted data.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.