NOT what you want to hear about Thunderbolt

[RealBlackStuff]

Bad news for all you guys and girls with a laptop that has Thunderbolt.
Thunderbolt flaws affect millions of computers

More Thunderspy

[dr_st]

Feels good delivering "bad news" about Thunderbolt and Intel, doesn't it?

Obviously, you don't even have to bother with reading the content. Because the headlines are built to scare you. They will make you think that any Joe Schmoe with a Thunderbolt pen-drive can just connect, type a few letters, and steal all your data. When really they need to take the bottom cover off, connect a physical flash programmer, and run something on the other computer they brought with them. That's not a trivial attack vector. Oh, and they need the PC to be on.

Not saying that it is a trivial vulnerability, but one that is easily defeated by having a hard drive password and hibernating the laptop when you leave it in a place where you are afraid an attacker might gain physical access.

[shawross]

Technology often seems to have these flaws and I would never suggest that they are backdoors constructed purposefully. The internet and data is surely our best friend.

"United States Intelligence Community" has the answer hidden in the middle.

[w0qj]

Q: Does anyone knows which recent ThinkPad models support Kernel DMA Protection for Thunderbolt 3, which protects against Direct Memory Access (DMA) attacks? This is supposed to partially protect your computer from some of the vulnerabilities. I'm horrified.

www.pcmag.com/news/thunderbolt-flaw-all ... -5-minutes
http://thunderspy.io

Thunderbolt Flaw Allows Your Data to Be Stolen in 5 Minutes

If your system has a Thunderbolt port it's susceptible to the 'Thunderspy' method of stealing your data, even if it's encrypted and your system is locked.

...In total, [the author] discovered seven vulnerabilities that can break all primary security on Thunderbolt 1, 2, and 3 ports, meaning all Thunderbolt-equipped systems shipped since 2011 are susceptible. Using those seven vulnerabilities, nine "practical exploitation scenarios" have been discovered. If that wasn't bad enough, Ruytenberg claims the vulnerabilities can't be patched out in software and, "impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign."

...the only way to truly protect your system against Thunderspy is to disable the Thunderbolt controller entirely in the UEFI BIOS.

[w0qj]

RBS's (ie: OP's) URL article link suggests that these computers may not be affected by this Intel/Thunderbolt bug:
www.zdnet.com/article/thunderbolt-flaws ... -wont-help

"Ruytenberg also notes that very few systems sold since 2019 actually support the security feature.
...Lenovo ThinkPad P53 and X1 Carbon 2019 and later, and the Lenovo Yoga C940, if it shipped with Intel's Ice Lake CPU."

- - - - - - - - - -
Note: X1 Carbon 2019 should be X1 Carbon (7th Generation), and is not affected by this Intel/Thunderbolt bug.

*Perhaps* the ThinkPad P73, X1 Extreme (2nd Generation, circa Aug 2019), and P1 (2nd Generation, circa Aug 2019) also are not affected, since these were introduced along with ThinkPad P53?

[RealBlackStuff]

Thunderbolt problems CAN be solved apparently, you only need an SPI programmer and an 8-pin SOIC-cable.

[dr_st]

Thunderbolt problems CAN be solved apparently, you only need an SPI programmer and an 8-pin SOIC-cable.

How does this relate to the current problem discussed in this topic?

[RealBlackStuff]

???

[w0qj]

Question: Is there any way to force ThinkPad to ask for hard drive password after waking up from "Sleep"?


Sleep: Finally gave "Sleep" and hard drive password a try; regret to report that it does not work well.
ie: resuming from "Sleep" does not require hard drive password, so your local coffee shop hacker with physical ThinkPad access can still use Thunderbolt exploit to gain access to your hard drive data.


Shut_Down: Upon "Shut Down" our ThinkPad, the next reboot requires hard drive password, hence (hopefully) foiling your local coffee shop hacker with physical ThinkPad access.


Hibernation: The hibernation method as described by dr_st also enable hard drive password security the next time ThinkPad wakes up, but unfortunately hibernation forces gigabytes of data writes whenever user instructs ThinkPad to enter hibernation, and if you are use SSD this would not be good.

Feels good delivering "bad news" about Thunderbolt and Intel, doesn't it?

Obviously, you don't even have to bother with reading the content. Because the headlines are built to scare you. They will make you think that any Joe Schmoe with a Thunderbolt pen-drive can just connect, type a few letters, and steal all your data. When really they need to take the bottom cover off, connect a physical flash programmer, and run something on the other computer they brought with them. That's not a trivial attack vector. Oh, and they need the PC to be on.

Not saying that it is a trivial vulnerability, but one that is easily defeated by having a hard drive password and hibernating the laptop when you leave it in a place where you are afraid an attacker might gain physical access.

[dr_st]

Question: Is there any way to force ThinkPad to ask for hard drive password after waking up from "Sleep"?

No, it goes contrary to how sleep mode was designed to work. Some third party drive encryption tools may be able to do so, but they actually break if your drive is a self-encrypting one (OPAL). Read here, for example:
https://success.trendmicro.com/solution ... ware-encry

Sleep: Finally gave "Sleep" and hard drive password a try; regret to report that it does not work well.

It was never designed to do it, so I wouldn't say it doesn't "work well".

ie: resuming from "Sleep" does not require hard drive password, so your local coffee shop hacker with physical ThinkPad access can still use Thunderbolt exploit to gain access to your hard drive data.

If one has a habit of leaving his laptop in standby on his coffee shop table, while going to take a dump in the toilet, that person has bigger problems than Thunderbolt.

Shut_Down: Upon "Shut Down" our ThinkPad, the next reboot requires hard drive password, hence (hopefully) foiling your local coffee shop hacker with physical ThinkPad access.

Thank you for reporting the obvious.

Hibernation: The hibernation method as described by dr_st also enable hard drive password security the next time ThinkPad wakes up, but unfortunately hibernation forces gigabytes of data writes whenever user instructs ThinkPad to enter hibernation, and if you are use SSD this would not be good.

Sheesh. Your understanding of SSD technology seems to be stuck in the last decade. Any modern SSD can handle hundreds of terabytes of writes with no issues. Many of them can handle more.

[crashnburn]

Following.

How long till a fix is found?

[cadillacmike68]

Jeez, How much time are you all spending in starbucks???

I'm not partial to it, Wawa is just as good and less expensive, and I spend little time in there, certainly not with a ThinkPad. Even if I went to a sb, I would get my drink and go. Same goes for pendejos, er, um, paneras. I brought a Thinkpad in there twice so far, in total, since they first opened some 15-20 years ago.