Thunderbolt™ security research published by Eindhoven University - Thunderspy
On 10 May 2020, researchers released a paper on weaknesses in the Thunderbolt version 3 protocol. This research discloses several issues in the Thunderbolt specification and related hardware implementations. Red Hat considers these Thunderbolt weaknesses an issue that hardware vendors need to address and customers are advised to contact them for additional information, as required. This does not impact Red Hat products. All vectors require physical access to the target machine, and either access to a trusted Thunderbolt device to clone, or the ability to physically open the machine and reprogram flash chips on the motherboard with malicious firmware.
This level of physical access, additional hardware, and skill requirement to exploit test weaknesses are not within the consideration of a viable attack vector due to the many simpler attacks that can be performed with equivalent access.
Additional Resources:
Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.
Comments