Latest Intel Chip Vulnerability Called Thunderspy Is Much Ado About Nothing...
In the past few days, we’ve heard about a vulnerability in the Thunderbolt interface that Intel has been building into its chipsets for Windows PCs and Macs for the past several years. While it’s never good to have a vulnerability, it’s also true that every complex system ever built has some flaw that can be found and potentially exploited with enough effort. The question is, what’s the risk from these potential exploits in the real, and not just theoretical, world, and should we be worried about them? Let’s look at this one in particular as what I believe is a case study in the “exploitation of an exploit”.
First, this potential exploit only affects Thunderbolt-enabled systems. For Windows PCs, that’s a fairly small installed base of mostly high end systems, and an even smaller number for ones that are more than a year or two old. In the Mac world, the installed base is higher, as Apple was much more aggressive about installing Thunderbolt on its systems, especially its higher end Macs. So in both business and consumer environments, Thunderbolt-equipped systems make up a fairly small share of what is installed.
Second, the only way to exploit this vulnerability is to have physical access to the computer. Any attack would have to use a purpose-built piece of hardware that attaches to the Thunderbolt port on the system. Given the nature of the attack vector, this is not something an average hacker could do, and it requires that the hacker have access to the physical location of the system for some period of time to deploy the exploit. This might be possible for a spy agency that attacks your machine in your hotel room while you are out to dinner, but it’s unlikely to occur in very many situations.
Third, Intel stated that it has been aware of this vulnerability for some time and that it has already been patched in most systems. Indeed, in 2019, all the major operating systems (Windows, Mac and Linux) implemented kernel-level protection against Direct Memory Access (DMA) attacks, which essentially isolates an individual Thunderbolt connection from main memory, limiting any exploit to the memory assigned to that Thunderbolt interface. This is not exactly a highway to the contents of the computer that people would be concerned about. Of course, this means that only updated systems are immune, but it’s likely that the majority of installed systems have been updated.
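A defender reading the paragraph above will want to confirm that the kernel-level DMA isolation it describes is actually active on a given machine rather than assume it. The script below is an added example, not part of the article and not a vendor tool: it reads the status the Linux thunderbolt driver exposes in sysfs and reports, per Thunderbolt domain, whether device DMA is fenced from main memory. The sysfs root (`/sys/bus/thunderbolt/devices`), the `security` and `iommu_dma_protection` attribute names, their value sets, and the `TB_SYSFS` override variable are assumptions drawn from the Linux driver documentation; check them against your kernel version.

```shell
#!/bin/sh
# Added example (not from the article): report whether the kernel-level DMA
# isolation the article describes is active for each Thunderbolt domain on a
# Linux host. Assumed sysfs layout (Linux thunderbolt driver, 4.19 or later):
#   <root>/domainN/security              -> none|user|secure|dponly|usbonly|nopcie
#   <root>/domainN/iommu_dma_protection  -> 1 when the IOMMU fences device DMA
# <root> defaults to /sys/bus/thunderbolt/devices; TB_SYSFS overrides it so the
# logic can be exercised against a constructed tree.
TB_SYSFS="${TB_SYSFS:-/sys/bus/thunderbolt/devices}"

# read_attr FILE: print the attribute's first line, or "absent" if unreadable
# (older kernels do not expose iommu_dma_protection at all).
read_attr() {
  if [ -r "$1" ]; then head -n 1 "$1"; else echo absent; fi
}

# classify_domain SECURITY_LEVEL IOMMU_FLAG
# Prints a one-line verdict. Returns 0 when device DMA cannot reach main
# memory, 1 otherwise (the "un-updated system" case the article describes).
classify_domain() {
  level="$1"; iommu="$2"
  if [ "$iommu" = "1" ]; then
    echo "protected: IOMMU DMA protection active (security level: $level)"
    return 0
  fi
  case "$level" in
    nopcie|dponly|usbonly)
      # These levels refuse PCIe tunnelling, so no device DMA path exists.
      echo "protected: PCIe tunnelling disabled (security level: $level)"
      return 0 ;;
    user|secure)
      # Device authorization only; nothing reports the IOMMU as fencing DMA.
      echo "exposed: authorization-only security level '$level', no IOMMU DMA protection"
      return 1 ;;
    none)
      echo "exposed: security level 'none' and no IOMMU DMA protection"
      return 1 ;;
    *)
      echo "exposed: unrecognised state (security='$level', iommu='$iommu')"
      return 1 ;;
  esac
}

# audit_thunderbolt ROOT: classify every domainN directory under ROOT.
# Returns 0 only if every domain is protected; 1 if any is exposed or none exist.
audit_thunderbolt() {
  root="$1"; rc=0; found=0
  for dom in "$root"/domain*; do
    [ -d "$dom" ] || continue
    found=1
    level=$(read_attr "$dom/security")
    iommu=$(read_attr "$dom/iommu_dma_protection")
    printf '%s: ' "$(basename "$dom")"
    classify_domain "$level" "$iommu" || rc=1
  done
  [ "$found" -eq 1 ] || { echo "no Thunderbolt domains under $root"; return 1; }
  return $rc
}

# Stand-alone use: audit the live sysfs tree, or say why there is nothing to audit.
if [ -d "$TB_SYSFS" ]; then
  audit_thunderbolt "$TB_SYSFS" || echo "WARNING: at least one Thunderbolt domain lacks IOMMU DMA protection"
else
  echo "no Thunderbolt sysfs tree at $TB_SYSFS (no controller present or driver not loaded)"
fi
```

Run it as root or any user that can read sysfs; a non-zero verdict on a laptop that has received the 2019-era OS updates usually means the IOMMU is disabled in firmware rather than missing from the kernel, which is the setting to revisit. The `iommu_dma_protection` flag is the decisive check; the `security` level is reported alongside it because an authorization-only level says nothing about whether the IOMMU is fencing DMA.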
And finally, this type of exploit is not what a typical bad actor would want to deploy. Hackers are generally motivated by the desire to destroy machines, capture sensitive personal or corporate data, or hold devices for ransom. To do this, they need to deliver their malware by electronic means that can target large numbers of machines, and then have those machines spread the malware to other machines, greatly increasing the chance of success. Having to be physically present at each machine attacked would mean a lot of moving around for the hackers. While this might be acceptable for an individual trying to damage a single machine or a small group of them, perhaps to get back at someone or some company, it certainly would not be in the playbook of the average bad actor. And if someone had physical access to a machine and wanted to do damage, they could do much more without this exploit (as an example, they could easily remove and/or copy the hard drive and extract its data at their leisure).
So what’s the bottom line to all of this? There are indeed vulnerabilities in all complex systems, and many do warrant concern for the security and privacy of personal and corporate systems and data. But we need to distinguish the “theoretical” vulnerability from the practical one, and not overreact. While it’s necessary to take any and all vulnerabilities seriously and do our best to mitigate them, these types of vulnerabilities often generate headlines that take the focus away from the real and practical threats that all of us must be reacting to. This makes for good headlines, but bad policy if companies have to spend scarce resources in response.
Jack Gold is the founder and principal analyst at J.Gold Associates, LLC. With more than 45 years of experience in the computer and electronics industries, and 25 years as a tech analyst, he covers the many aspects of business and consumer computing and emerging technologies. Follow him on Twitter @jckgld or LinkedIn at https://www.dhirubhai.net/in/jckgld