What you need to know
- Microsoft explains how Secured-core PCs mitigate attacks like Thunderspy in a new post.
- Thunderspy utilizes the Thunderbolt port to affect direct access memory.
- Secure-cored PCs have Kernel direct access memory protection to protect from Thunderspy and similar attacks.
Microsoft explains how Secured-core PCs help prevent attacks like Thunderspy from being able to access PCs in a new post. Thunderspy was recently revealed by a team of researchers at Eindhoven University of Technology. The attack method utilizes the Thunderbolt port to gain access to a device's memory. It requires physical access to a device, but it can work even if a device is locked and has hard disk encryption.
Microsoft provides a breakdown of how Thunderspy works to give context to the attack and how Secured-core PCs combat it. In short, an attacker uses a serial peripheral interface flash programmer through a devices Thunderbolt connection. This step gives an attacker access to the PC's Thunderbolt controller firmware. The attacker can then copy and patch the Thunderbolt controller firmware and put the patched version back onto the device. The end result is that an attacker gains access to a device and its data without needing a password.
Secured-core PCs support Kernel direct access memory protection. This type of protection relies on the Input/output Memory Management Unit, allowing it to block external peripherals from gaining altering direct access memory unless a device is signed in and the screen is unlocked. A video from Microsoft Ignite 2019 explains this in more detail.
While these protections don't make a device impenetrable, they do greatly reduce the ease of attacks, according to Microsoft. Microsoft explains in the post:
This means that even if an attacker was able to copy a malicious Thunderbolt firmware to a device, the Kernel DMA protection on a Secured-core PC would prevent any accesses over the Thunderbolt port unless the attacker gains the user's password in addition to being in physical possession of the device, significantly raising the degree of difficulty for the attacker.
Secured-core PCs also have hypervisor protected code integrity, which ensures that kernel code cannot be writable and executable.
While these protections make it more difficult for an attacker to gain access to a device, nothing makes a device completely impervious to attacks. Microsoft wisely uses words like "mitigate" rather than "eliminate" when referring to lowering risk factors. On a related note leaked video recently showed that Microsoft's Surface devices don't have Thunderbolt ports due to security concerns.
We may earn a commission for purchases using our links. Learn more.
Review: Lenovo ThinkVision M14t is fantastic mobile display with a pen
Sometimes you want a second screen when traveling; other times, you may wish to add inking support to your Lenovo, Razer, or premium Dell laptop. The new ThinkVision M14t is a 14-inch portable display that now supports touch and inking. Plus, you get the pen in the box. Here's our full review.
Razer's new Chroma RGB accessories make your PC setup even cooler
Adding some fancy colorful lighting to your gaming space has never been easier. Razer's refreshed and new Chroma RGB controllers work with any desktop PC, or maybe you want a cool glowing Qi charger for your phone. They got that. Here is what's new for this holiday season.
All the best games coming to Xbox in 2020, 2021, and beyond
What's coming to Xbox Series X, Xbox Series S, and Xbox One in the future? Here are the biggest and brightest games we're looking forward to.
Best Online Fax Services 2020
If you need to do some faxing but you don't want to shell out the money for a fax machine of your own, online fax services are the way to go. Here are some of our favorites.