Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
NOT what you want to hear about Thunderbolt
-
- Admin Emeritus
- Posts: 23826
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
NOT what you want to hear about Thunderbolt
Bad news for all you guys and girls with a laptop that has Thunderbolt.
Thunderbolt flaws affect millions of computers
More Thunderspy
Thunderbolt flaws affect millions of computers
More Thunderspy
Lovely day for a Guinness! (The Real Black Stuff)
Re: NOT what you want to hear about Thunderbolt
Feels good delivering "bad news" about Thunderbolt and Intel, doesn't it?
Obviously, you don't even have to bother with reading the content. Because the headlines are built to scare you. They will make you think that any Joe Schmoe with a Thunderbolt pen-drive can just connect, type a few letters, and steal all your data. When really they need to take the bottom cover off, connect a physical flash programmer, and run something on the other computer they brought with them. That's not a trivial attack vector. Oh, and they need the PC to be on.
Not saying that it is a trivial vulnerability, but one that is easily defeated by having a hard drive password and hibernating the laptop when you leave it in a place where you are afraid an attacker might gain physical access.
Obviously, you don't even have to bother with reading the content. Because the headlines are built to scare you. They will make you think that any Joe Schmoe with a Thunderbolt pen-drive can just connect, type a few letters, and steal all your data. When really they need to take the bottom cover off, connect a physical flash programmer, and run something on the other computer they brought with them. That's not a trivial attack vector. Oh, and they need the PC to be on.
Not saying that it is a trivial vulnerability, but one that is easily defeated by having a hard drive password and hibernating the laptop when you leave it in a place where you are afraid an attacker might gain physical access.
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
Re: NOT what you want to hear about Thunderbolt
Technology often seems to have these flaws and I would never suggest that they are backdoors constructed purposefully. The internet and data is surely our best friend.
"United States Intelligence Community" has the answer hidden in the middle.
"United States Intelligence Community" has the answer hidden in the middle.
Active --- Love the X series
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
Re: NOT what you want to hear about Thunderbolt
Q: Does anyone knows which recent ThinkPad models support Kernel DMA Protection for Thunderbolt 3, which protects against Direct Memory Access (DMA) attacks? This is supposed to partially protect your computer from some of the vulnerabilities. I'm horrified.
www.pcmag.com/news/thunderbolt-flaw-all ... -5-minutes
http://thunderspy.io
Thunderbolt Flaw Allows Your Data to Be Stolen in 5 Minutes
If your system has a Thunderbolt port it's susceptible to the 'Thunderspy' method of stealing your data, even if it's encrypted and your system is locked.
...In total, [the author] discovered seven vulnerabilities that can break all primary security on Thunderbolt 1, 2, and 3 ports, meaning all Thunderbolt-equipped systems shipped since 2011 are susceptible. Using those seven vulnerabilities, nine "practical exploitation scenarios" have been discovered. If that wasn't bad enough, Ruytenberg claims the vulnerabilities can't be patched out in software and, "impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign."
...the only way to truly protect your system against Thunderspy is to disable the Thunderbolt controller entirely in the UEFI BIOS.
www.pcmag.com/news/thunderbolt-flaw-all ... -5-minutes
http://thunderspy.io
Thunderbolt Flaw Allows Your Data to Be Stolen in 5 Minutes
If your system has a Thunderbolt port it's susceptible to the 'Thunderspy' method of stealing your data, even if it's encrypted and your system is locked.
...In total, [the author] discovered seven vulnerabilities that can break all primary security on Thunderbolt 1, 2, and 3 ports, meaning all Thunderbolt-equipped systems shipped since 2011 are susceptible. Using those seven vulnerabilities, nine "practical exploitation scenarios" have been discovered. If that wasn't bad enough, Ruytenberg claims the vulnerabilities can't be patched out in software and, "impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign."
...the only way to truly protect your system against Thunderspy is to disable the Thunderbolt controller entirely in the UEFI BIOS.
Last edited by w0qj on Wed May 13, 2020 3:36 pm, edited 1 time in total.
Daily Driver: (X1E3) X1 Extreme 3rd Gen | mobile broadband (WWAN)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
Re: NOT what you want to hear about Thunderbolt
RBS's (ie: OP's) URL article link suggests that these computers may not be affected by this Intel/Thunderbolt bug:
www.zdnet.com/article/thunderbolt-flaws ... -wont-help
"Ruytenberg also notes that very few systems sold since 2019 actually support the security feature.
...Lenovo ThinkPad P53 and X1 Carbon 2019 and later, and the Lenovo Yoga C940, if it shipped with Intel's Ice Lake CPU."
- - - - - - - - - -
Note: X1 Carbon 2019 should be X1 Carbon (7th Generation), and is not affected by this Intel/Thunderbolt bug.
*Perhaps* the ThinkPad P73, X1 Extreme (2nd Generation, circa Aug 2019), and P1 (2nd Generation, circa Aug 2019) also are not affected, since these were introduced along with ThinkPad P53?
www.zdnet.com/article/thunderbolt-flaws ... -wont-help
"Ruytenberg also notes that very few systems sold since 2019 actually support the security feature.
...Lenovo ThinkPad P53 and X1 Carbon 2019 and later, and the Lenovo Yoga C940, if it shipped with Intel's Ice Lake CPU."
- - - - - - - - - -
Note: X1 Carbon 2019 should be X1 Carbon (7th Generation), and is not affected by this Intel/Thunderbolt bug.
*Perhaps* the ThinkPad P73, X1 Extreme (2nd Generation, circa Aug 2019), and P1 (2nd Generation, circa Aug 2019) also are not affected, since these were introduced along with ThinkPad P53?
Daily Driver: (X1E3) X1 Extreme 3rd Gen | mobile broadband (WWAN)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
-
- Admin Emeritus
- Posts: 23826
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: NOT what you want to hear about Thunderbolt
Thunderbolt problems CAN be solved apparently, you only need an SPI programmer and an 8-pin SOIC-cable.
Lovely day for a Guinness! (The Real Black Stuff)
Re: NOT what you want to hear about Thunderbolt
How does this relate to the current problem discussed in this topic?RealBlackStuff wrote: ↑Tue May 19, 2020 1:18 amThunderbolt problems CAN be solved apparently, you only need an SPI programmer and an 8-pin SOIC-cable.
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
-
- Admin Emeritus
- Posts: 23826
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: NOT what you want to hear about Thunderbolt
Question: Is there any way to force ThinkPad to ask for hard drive password after waking up from "Sleep"?
Sleep: Finally gave "Sleep" and hard drive password a try; regret to report that it does not work well.
ie: resuming from "Sleep" does not require hard drive password, so your local coffee shop hacker with physical ThinkPad access can still use Thunderbolt exploit to gain access to your hard drive data.
Shut_Down: Upon "Shut Down" our ThinkPad, the next reboot requires hard drive password, hence (hopefully) foiling your local coffee shop hacker with physical ThinkPad access.
Hibernation: The hibernation method as described by dr_st also enable hard drive password security the next time ThinkPad wakes up, but unfortunately hibernation forces gigabytes of data writes whenever user instructs ThinkPad to enter hibernation, and if you are use SSD this would not be good.
Sleep: Finally gave "Sleep" and hard drive password a try; regret to report that it does not work well.
ie: resuming from "Sleep" does not require hard drive password, so your local coffee shop hacker with physical ThinkPad access can still use Thunderbolt exploit to gain access to your hard drive data.
Shut_Down: Upon "Shut Down" our ThinkPad, the next reboot requires hard drive password, hence (hopefully) foiling your local coffee shop hacker with physical ThinkPad access.
Hibernation: The hibernation method as described by dr_st also enable hard drive password security the next time ThinkPad wakes up, but unfortunately hibernation forces gigabytes of data writes whenever user instructs ThinkPad to enter hibernation, and if you are use SSD this would not be good.
dr_st wrote: ↑Mon May 11, 2020 1:48 pmFeels good delivering "bad news" about Thunderbolt and Intel, doesn't it?
Obviously, you don't even have to bother with reading the content. Because the headlines are built to scare you. They will make you think that any Joe Schmoe with a Thunderbolt pen-drive can just connect, type a few letters, and steal all your data. When really they need to take the bottom cover off, connect a physical flash programmer, and run something on the other computer they brought with them. That's not a trivial attack vector. Oh, and they need the PC to be on.
Not saying that it is a trivial vulnerability, but one that is easily defeated by having a hard drive password and hibernating the laptop when you leave it in a place where you are afraid an attacker might gain physical access.
Daily Driver: (X1E3) X1 Extreme 3rd Gen | mobile broadband (WWAN)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
Current Thinkpads: X1E3 | X1E1 | X1C10 | X1C9 | X1C4 | X1C3 | X230
Retired Thinkpads: X250 | T410 | T42 | 560 (circa 1996)
Re: NOT what you want to hear about Thunderbolt
No, it goes contrary to how sleep mode was designed to work. Some third party drive encryption tools may be able to do so, but they actually break if your drive is a self-encrypting one (OPAL). Read here, for example:
https://success.trendmicro.com/solution ... ware-encry
It was never designed to do it, so I wouldn't say it doesn't "work well".
If one has a habit of leaving his laptop in standby on his coffee shop table, while going to take a dump in the toilet, that person has bigger problems than Thunderbolt.
Thank you for reporting the obvious.
Sheesh. Your understanding of SSD technology seems to be stuck in the last decade. Any modern SSD can handle hundreds of terabytes of writes with no issues. Many of them can handle more.w0qj wrote: ↑Tue Jun 23, 2020 4:03 pmHibernation: The hibernation method as described by dr_st also enable hard drive password security the next time ThinkPad wakes up, but unfortunately hibernation forces gigabytes of data writes whenever user instructs ThinkPad to enter hibernation, and if you are use SSD this would not be good.
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
-
- ThinkPadder
- Posts: 1724
- Joined: Sat Apr 22, 2006 4:26 pm
- Location: TX, USA & Bombay, India
Re: NOT what you want to hear about Thunderbolt
Following.
How long till a fix is found?
How long till a fix is found?
T61 8892-02U: 14.1"SXGA+/2.2C2D/4G/XP|Adv Mini Dock|30" Gateway XHD3000 WQXGA via Dual-link DVI
X61T 7767-96U: 12.1"SXGA+/1.6C2D/3G/Vista|Ultrabase
W510 4319-2PU: 15.6"FHD/i7-720QM/4G/Win7Pro64 (for dad)
T43 1875-DLU: 14.1"XGA/1.7PM-740/1G/XP (Old)
X61T 7767-96U: 12.1"SXGA+/1.6C2D/3G/Vista|Ultrabase
W510 4319-2PU: 15.6"FHD/i7-720QM/4G/Win7Pro64 (for dad)
T43 1875-DLU: 14.1"XGA/1.7PM-740/1G/XP (Old)
-
- ThinkPadder
- Posts: 1494
- Joined: Fri May 27, 2011 9:19 pm
- Location: Florida
Re: NOT what you want to hear about Thunderbolt
Jeez, How much time are you all spending in starbucks???
I'm not partial to it, Wawa is just as good and less expensive, and I spend little time in there, certainly not with a ThinkPad. Even if I went to a sb, I would get my drink and go. Same goes for pendejos, er, um, paneras. I brought a Thinkpad in there twice so far, in total, since they first opened some 15-20 years ago.
I'm not partial to it, Wawa is just as good and less expensive, and I spend little time in there, certainly not with a ThinkPad. Even if I went to a sb, I would get my drink and go. Same goes for pendejos, er, um, paneras. I brought a Thinkpad in there twice so far, in total, since they first opened some 15-20 years ago.
600 600X
760LD FUBARd
T21 2647 T22 2647 1@ 1GHz SXGA+ 4 more; T23 2647 1@ 1.2GHz SXGA+ 3 more
T30 2366-88U 2GHz; 2366-83U 1.8G; 5@ 2366-LU0/66U; 2367-KU6 FUBARd
T41 T42 T43
T60 T61 8897 2.4GHz SXGA+; 8898 2.4Ghz; 6463 2@ WSXGA+; 7658 2.5GHz; T61p; 6 more T61s
T500 2
T530 W530
760LD FUBARd
T21 2647 T22 2647 1@ 1GHz SXGA+ 4 more; T23 2647 1@ 1.2GHz SXGA+ 3 more
T30 2366-88U 2GHz; 2366-83U 1.8G; 5@ 2366-LU0/66U; 2367-KU6 FUBARd
T41 T42 T43
T60 T61 8897 2.4GHz SXGA+; 8898 2.4Ghz; 6463 2@ WSXGA+; 7658 2.5GHz; T61p; 6 more T61s
T500 2
T530 W530
-
- Similar Topics
- Replies
- Views
- Last post
-
-
PM Device Version For Critical Thunderbolt Firmware Patch
by TPFanatic » Wed Oct 25, 2023 8:49 am » in Thinkpad - General HARDWARE/SOFTWARE questions - 0 Replies
- 3111 Views
-
Last post by TPFanatic
Wed Oct 25, 2023 8:49 am
-
-
-
How bad was the Thunderbolt Firmware Problem
by euless » Wed Feb 07, 2024 4:19 am » in ThinkPad T430-T490 / T530-T590 Series - 3 Replies
- 841 Views
-
Last post by TPFanatic
Sun Feb 11, 2024 6:20 am
-
-
-
Can you add a GeForce GPU in a G41 with Intel GPU?
by Gonzaleitor » Thu Oct 26, 2023 1:51 pm » in ThinkPad R, A, G and Z Series - 2 Replies
- 5531 Views
-
Last post by Gonzaleitor
Thu Oct 26, 2023 5:22 pm
-
-
-
Internet Speed Test, who can you believe?
by RealBlackStuff » Tue Nov 14, 2023 3:51 am » in ** HOW TOs & FAQs ** - 20 Replies
- 7340 Views
-
Last post by ajkula66
Mon Feb 19, 2024 8:21 am
-
Who is online
Users browsing this forum: No registered users and 5 guests