Thunderspy: Difference between revisions

The researchers claim there is no easy software solution, and may only be mitigated by disabling the Thunderbolt port altogether.<ref name="WRD-20200510" /> However, the impacts of this attack (reading kernel level memory without the machine needing to be powered off) are largely mitigated by anti-intrusion features provided by many business machines.<ref name="msdoc-kdma-protecton-for-thunderbolt">{{cite web |author=Staff |title=Kernel DMA Protection for Thunderbolt™ 3 (Windows 10) - Microsoft 365 Security |url=https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt |date=26 March 2019 |work=Microsoft Docs |accessdate=17 May 2020 }}</ref> Intel claims enabling such features would substantially restrict the effectiveness of the attack.<ref name="intel-20200510">{{cite news |last=Jerry |first=Bryant |title=More Information on Thunderbolt(TM) Security - Technology@Intel |url=https://blogs.intel.com/technology/2020/05/more-information-on-thunderspy/ |date=10 May 2020 |accessdate=17 May 2020 }}</ref> Microsoft's official security recommendations recommend disabling sleep mode while using BitLocker.<ref>https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-security-faq#what-are-the-implications-of-using-the-sleep-or-hibernate-power-management-options</ref>. Using hibernation in place of sleep mode turns the device off, mitigating potential risks of attack on encrypted data.