What you need to know
- Microsoft explains how Secured-core PCs mitigate attacks like Thunderspy in a new post.
- Thunderspy utilizes the Thunderbolt port to gain direct memory access (DMA).
- Secured-core PCs have Kernel DMA protection to protect from Thunderspy and similar attacks.
In a new post, Microsoft explains how Secured-core PCs help prevent attacks like Thunderspy from accessing PCs. Thunderspy was recently revealed by a team of researchers at Eindhoven University of Technology. The attack method utilizes the Thunderbolt port to gain access to a device's memory. It requires physical access to a device, but it can work even if a device is locked and has hard disk encryption.
Microsoft provides a breakdown of how Thunderspy works to give context to the attack and how Secured-core PCs combat it. In short, an attacker uses a serial peripheral interface (SPI) flash programmer through a device's Thunderbolt connection. This step gives an attacker access to the PC's Thunderbolt controller firmware. The attacker can then copy and patch the Thunderbolt controller firmware and put the patched version back onto the device. The end result is that an attacker gains access to a device and its data without needing a password.
Secured-core PCs support Kernel direct memory access (DMA) protection. This type of protection relies on the Input/Output Memory Management Unit (IOMMU), allowing it to block external peripherals from gaining direct memory access unless a device is signed in and the screen is unlocked. A video from Microsoft Ignite 2019 explains this in more detail.
While these protections don't make a device impenetrable, they do greatly reduce the ease of attacks, according to Microsoft. Microsoft explains in the post:
This means that even if an attacker was able to copy a malicious Thunderbolt firmware to a device, the Kernel DMA protection on a Secured-core PC would prevent any accesses over the Thunderbolt port unless the attacker gains the user's password in addition to being in physical possession of the device, significantly raising the degree of difficulty for the attacker.
Secured-core PCs also have hypervisor-protected code integrity (HVCI), which ensures that kernel code cannot be both writable and executable.
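To see which of these protections a given Windows machine reports, the PowerShell below is an added example, not code from Microsoft's post or from this article. It reads the `Win32_DeviceGuard` CIM class; the function name and output fields are illustrative. Value 3 in `AvailableSecurityProperties` indicates that IOMMU-based DMA protection is available to virtualization-based security, while the Kernel DMA Protection state itself is listed in the System Summary of `msinfo32`.

```powershell
# Added example: summarize the VBS, HVCI and DMA-protection state that Windows
# exposes through Win32_DeviceGuard. Function name and fields are illustrative.
function Get-SecuredCoreMitigationState {
    [CmdletBinding()]
    param()

    # VirtualizationBasedSecurityStatus values as documented for Win32_DeviceGuard.
    $vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }

    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    } catch {
        # The class is absent on Windows editions without Device Guard support.
        Write-Warning "Win32_DeviceGuard not available: $($_.Exception.Message)"
        return
    }

    # Force arrays so -contains behaves the same for empty or single values.
    $available  = @($dg.AvailableSecurityProperties)
    $configured = @($dg.SecurityServicesConfigured)
    $running    = @($dg.SecurityServicesRunning)

    $state = [ordered]@{
        ComputerName           = $env:COMPUTERNAME
        VbsStatus              = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        HvciConfigured         = $configured -contains 2   # 2 = HVCI (memory integrity)
        HvciRunning            = $running -contains 2
        DmaProtectionAvailable = $available -contains 3    # 3 = DMA protection
        SecureBootAvailable    = $available -contains 2    # 2 = Secure Boot
    }

    # List what is missing so a fleet report can be filtered on one field.
    $gaps = @()
    if ($state.VbsStatus -ne 'Running')    { $gaps += 'VBS not running' }
    if (-not $state.HvciRunning)           { $gaps += 'HVCI not running' }
    if (-not $state.DmaProtectionAvailable) { $gaps += 'DMA protection not available' }
    if (-not $state.SecureBootAvailable)   { $gaps += 'Secure Boot not available' }
    $state.Gaps = $gaps -join '; '

    [pscustomobject]$state
}

Get-SecuredCoreMitigationState | Format-List
```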
While these protections make it more difficult for an attacker to gain access to a device, nothing makes a device completely impervious to attacks. Microsoft wisely uses words like "mitigate" rather than "eliminate" when referring to lowering risk factors. On a related note, a leaked video recently showed that Microsoft's Surface devices don't have Thunderbolt ports due to security concerns.