Microsoft confirms a new serious security hole in Windows 10
This is a hardware error and cannot issue a software patch. Users can choose to better protect their computers or buy new devices with Kernel DMA security.
Microsoft has just confirmed the risk when hackers come into contact with systems equipped with Thunderbold ports to conduct 'Thunderspy' - physical intervention method on Thunderbolt port to write or read data in the machine even if the device has been is encrypted. This vulnerability occurs in hardware and cannot be fixed by software.
According to a Microsoft representative, an attacker who comes in direct contact with a Thunderbold-equipped computer can log in and steal, export unauthorized data or install malware. The advice given to users to avoid data theft is . 'buy a new computer'. Of course, not every device will work, but it must be a new security-enabled computer line, named Secured-core PC.
Björn Ruytenberg, a security researcher at Eindhoven University of Technology (EUT), discovered that the attacker said all the attacker needed to do the job was five minutes of exposure to the device. who noticed. Physical attacks on the machine are quite complicated, high risk and rarely occur but still exist in reality.
Previously, Intel has confirmed a new security hole on the Thunderbolt connection port that allows an attacker who has been in contact with a computer to edit the port control software to turn off the security feature. According to Forbes , nearly every computer with Thunderbolt port can be hacked, except for a few 2019-production devices (Secured-core PC) that have Kernel DMA protection enabled.
An Intel representative also said that the Thunderspy attacks simulated failures on systems equipped with the Kernel DMA security feature. 'Even if an attacker successfully copies the malicious version of Thunderbolt software to the machine, the Kernel DMA protection layer on the Secured-core computer can prevent all access via the Thunderbold port unless the hacker gets a password. device'.
Update 19 May 2020
You should read it
- How to enable Full-Disk Encryption on Windows 10?
- Samsung confirmed the vulnerability exists on Galaxy devices since 2014
- Top 20 best encryption software for Windows
- Adiantum, Google's new encryption method helps ensure safety for all Android devices
- Android operating system is the top target of hackers
- Application protection against DFA attacks
- What is email encryption? Why does it play an important role in email security?
- Errors on mobile applications allow hackers to control LG devices
- Microsoft fixes 28 Windows and Office security bugs
- DUHK attacks allow hackers to obtain encryption keys for VPN and web browsing sessions
- Detected Critical Security Bugs Affecting All Versions of Windows
- Samsung awards up to 200,000 USD for those who find its smartphone bugs
Maybe you are interested
Instructions for downloading the CSGO game and checking the gaming configuration Counter-Strike 2 is officially available on Steam CSGOFast: Legit or a Scam? What Advantages Do CSGO Skins Have When Sold For PayPal? What makes CS: GO a popular game in the world of Esports? How to Remove iCloud Activation Lock without Password