Even if the PC is in sleep mode or locked, this attack called Thunderbspy can read and copy all data from the user’s PC. In addition, it can steal data from encrypted drives.
Thunderspy belongs to the category of evil-maid attacks, which means that it requires physical access to the device to attack it, so it is less utilized than other attacks that can be performed remotely. But on the other hand, Thunderspy is still a stealth attack. After the successful execution of the invasion, the criminals will leave almost no trace of exploitation.
In fact, as early as February 2019, a group of security researchers discovered a related intrusion event Thunderclap similar to Thunderspy. In the same year, Intel released a security mechanism to prevent Thunderspy attacks, called Kernel Direct Memory Access Protection.
However, this mechanism was not implemented in earlier configurations, which is why computers produced before 2019 are more vulnerable. But interestingly, when Apple MacOS notebooks boot into Bootcamp, all Thunderbolt security is disabled.
Ruytenberg pointed out that all Thunderbolt-equipped devices shipped between 2011 and 2020 are vulnerable. Devices that have delivered kernel DMA protection since 2019 are also vulnerable to attack to some extent.
Thunderspy vulnerabilities cannot be fixed in the software, which will affect future standards such as USB 4 and Thunderbolt 4, and eventually the chip will need to be redesigned.
Source :- http://www.oschina.net