Thunderspy: Difference between revisions

Added 2 citations with respect to -- 1) The Thunderspy exploit is possible even in sleep mode, locked out state (or at least some mode of powered on state); 2) Physical-access required to hack Thunderbolt.
Impact: adjs
== Impact ==
{{more citations needed|section|date=May 2020}}
The security vulnerability may affect millions of Apple, Linux and Windows computers, as well as any computers manufactured before 2019, and some after that.<ref name="WRD-20200510" /><ref name="FRBS-20200511" /><ref name="TSY-2020" /> However, this impact is restricted mainly to how precise a bad actor would have to be to execute the attack. Physical access to a machine with a vulnerable Thunderbolt controller is necessary, as well as a writable ROM chip for the Thunderbolt controller's firmware.<ref name="TSY-2020" /> Since ROM chips can come in a BGA format, this isn't always possible.{{cn|date=May 2020}} Additionally, part of Thunderspy, specifically the portion involving re-writing the firmware of the controller, requires the device to be in sleep,<ref name="TSY-2020" /> or at least in some sort of powered-on state, to be effective.<ref name="HR-20200513">{{Cite web |last=Grey |first=Mishka |title=7 Thunderbolt Vulnerabilities Affect Millions of Devices: 'Thunderspy' Allows Physical Hacking in 5 Minutes - Do you own a Thunderbolt equipped laptop, and have bought it after 2011? Well, we’ve news for YOU. 7 newly discovered Intel Thunderbolt vulnerabilities have exposed your device to hackers. Learn what to do?|url=https://www.hackreports.com/7-thunderbolt-vulnerabillity-thunderspy-exploit-thunderbolt-hacked/|date=13 May 2020 |work=HackReports.com|language=en|accessdate=18 May 2020}}</ref> Since some business machines feature intrusion detection features that cause the machine to power down the moment the back cover is removed, this attack is almost impossible on secured systems.{{cn|date=May 2020}}

Due to the nature of attacks that require extended physical access to hardware, it's unlikely the attack will affect users outside of a business or government environment.<ref name="YT-20200511">{{cite news |author=codeHusky |title=Video (11:01) - Thunderspy is nothing to worry about - Here's why |url=https://www.youtube.com/watch?v=c9Z3hQh0NxY |date=11 May 2020 |work=[[YouTube]] |accessdate=12 May 2020 }}</ref><ref name="HR-20200513" />
 
== Mitigation ==