Content deleted Content added
adds/adjs |
|||
Line 20:
The security vulnerability may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that.<ref name="WRD-20200510" /><ref name="FRBS-20200511" /><ref name="TSY-2020" /> However, this impact is restricted mainly due to how precise a bad actor would have to be to execute the attack. Physical access to a machine with a vulnerable Thunderbolt controller is necessary, as well as a writable ROM chip for the Thunderbolt controller's firmware.<ref name="TSY-2020" /> Since ROM chips can come in a BGA format, this isn't always possible. Additionally, part of Thunderspy, specifically the portion involving re-writing of the firmware of the controller, requires the device to be in sleep<ref name="TSY-2020" />, or at least in some sort of powered-on state, to be effective.{{cn}} As some business machines feature intrusion detection features that cause the machine to power down the moment the back cover is removed, this attack is almost impossible on secured systems.{{cn}}
Due to the nature of attacks that require extended, physical access to hardware, it's unlikely the attack will affect users outside of a business or government environment.<ref name="YT-20200511">{{cite news |author=codeHusky |title=Video (11:01) - Thunderspy is nothing to worry about - Here's why |url=https://www.youtube.com/watch?v=c9Z3hQh0NxY |date=11 May 2020 |work=[[YouTube]] |accessdate=12 May 2020 }}</ref>
== Mitigation ==
| |||