Discussion in 'Business & Enterprise Computing' started by Gunna, Nov 18, 2019.
Thunderbolt 4 lyf....
It's a storm in a teacup IMO.
If they can disassemble your laptop they have you dead to rights anyway.
Why have companies been issuing burner laptops/phones to China trips for years?
/obligatory closed source bad, open source good (except in this case there is no alternative... I too wish I could have a coreboot system that wasn't an ancient platform)
Even better is how every article paints the attackers as some sort of malicious Russian special forces mob, rather than a bored script kiddie.
Or how they're "engaging federal police" - and I bet the feds are utterly bored shitless with companies that continue to not follow the "essential 8" but then come crying every time their business goes down the toilet.
If you're referring to the Thunderbolt one, that's an exposed port - often in USB-C format on modern laptops, doesn't need to be disassembled. Nothing new DMA-attack-wise, but their other attacks described are interesting, e.g. changing settings of the port.
In terms of threat landscape, anybody seeing anything interesting? Are COVID phishing attacks more successful, as they are a bit more heart-string-pull-y than other ones?
I've been talking to a few orgs lately regarding their remote access security, been interesting seeing the variety of approaches.
"All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware."
Sounds like some kind of disassembly and specialist kit involved to me. So no script kiddies, but it lowers the technical bar from CIA/FSB/Mossad/Chinese Intelligence to anybody with know-how.
Maybe storm in a teacup is under-stating it, but it's certainly not plug it in and ur pwned.
The actual paper talks about modifying SPI flash values by connecting a flash programmer to the chip on the laptop mainboard.
AFAICT after a brief skim, the usual DMA attack mitigations for Windows should be effective for this anyway. Hope Windows users like Bitlocker PIN on boot and no S3 sleep.
My mistake! I am 100% guilty of commenting without reading the article, thought it was discussions on DMA.
I haven't been following this one particularly closely, but I'm utterly confused about this particular vulnerability. There's apparently no software mitigation, but macOS isn't vulnerable to it and Windows is when running on the same hardware? The paper states that this is due to macOS using IOMMU virtualisation, so doesn't that imply that Windows and Linux could enable it too if available? I'm probably missing something obvious, but hey.
From a practical point of view, I'm keen to see people attempt a physical attack on some of the smaller SPI flash chips out there. SOP8 clips are easy and cheap to get hold of, but wafer-scale packages are becoming the norm in this area (I believe they're already used in some laptops), and soldering to those lines with portable gear would be fun to watch someone attempt. I suppose in that scenario you've got a denial-of-service attack instead.
It is confusing because Microsoft did a blog post and stated that systems that meet Microsoft's Secured-core standard aren't vulnerable to this exploit.
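Since the exchange above comes down to "is DMA remapping actually on, and is the Thunderbolt port actually locked down", here is a small posture check for a Linux host. It is an added example, not code from the thread or from the Thunderspy paper; it assumes the standard sysfs locations (`/sys/kernel/iommu_groups` is populated only when an IOMMU is active, and `/sys/bus/thunderbolt/devices/domain*/security` holds the Thunderbolt security level), and the `SYSROOT` variable and the hypothetical function names are mine so the check can also be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: report whether a Linux host has the two settings that blunt
# the DMA side of Thunderspy-style attacks. Assumed sysfs layout:
#   /sys/kernel/iommu_groups/<n>/            present only when IOMMU is active
#   /sys/bus/thunderbolt/devices/domainN/security  none|user|secure|dponly|usbonly
# Each function takes an optional root prefix (empty = the live system).

iommu_active() {
    root="${1:-}"
    # DMA remapping is on when the kernel has created at least one IOMMU group.
    for g in "$root"/sys/kernel/iommu_groups/*; do
        [ -d "$g" ] && return 0
    done
    return 1
}

tb_security_level() {
    root="${1:-}"
    # Print the security level of the first Thunderbolt domain, or "absent"
    # when the machine exposes no Thunderbolt controller at all.
    for d in "$root"/sys/bus/thunderbolt/devices/domain*; do
        if [ -r "$d/security" ]; then
            cat "$d/security"
            return 0
        fi
    done
    echo absent
}

dma_posture() {
    root="${1:-}"
    level=$(tb_security_level "$root")
    if iommu_active "$root"; then iommu=on; else iommu=off; fi
    case "$level" in
        # No Thunderbolt controller: only the IOMMU state is worth reporting.
        absent) echo "no-thunderbolt iommu=$iommu" ;;
        # Level "none" means any connected device is granted PCIe access
        # without authorisation; flag it regardless of IOMMU state.
        none)   echo "EXPOSED iommu=$iommu tb=none" ;;
        *)      echo "ok iommu=$iommu tb=$level" ;;
    esac
}

# Inspect the live system, or a constructed tree when SYSROOT is set.
dma_posture "${SYSROOT:-}"
```

An "ok" line with `iommu=off` still deserves attention: the Thunderbolt level only gates which devices get connected, while the IOMMU is what limits what an approved device can read.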
Two more big names hit this week. Honda and Lion both suffering outages due to "cyberattacks".
(Where "cyberattacks" == "we don't take standard precautions to prevent cryptolocker")
Obligatory post on this:
TL;DR threat actor attacks unpatched software and socially engineers people. Shock!
Yep, patching, SIEM and 2FA are revolutionary defence mechanisms
Though it's worth reminding people that 2FA does not mitigate the risk of social engineering, only compromise of passwords.
You can still do MFA phishing for Office, and they note in the advisory that attackers are trying to phish OAuth tokens.
Australia's Lion brewery hit by second cyber attack as nation staggers under suspected Chinese digital assault
Oops. Accenture dun goofed.