Hardware-backed PC security to thwart Thunderspy attacks
Updated on May 29, 2020
The concept of hardware-backed PC security is gaining momentum day by day. It is an outcome of industry stakeholders rethinking their cybersecurity strategies.
That is why, in the war against cyber attacks, Microsoft is pushing for a multi-faceted approach. The company argues that traditional anti-malware software or firewall defenses are inadequate today.
Therefore, it is advocating for the use of multiple strategies built around hardware-backed security or secured-core PCs. This approach is more effective in the prevention of Thunderspy or similar attacks.
What is a Thunderspy attack?
Thunderspy is a type of hacking that exploits direct memory access (DMA). A recent report by scientists at the Eindhoven University of Technology shows how it works.
The end-game for Thunderspy is data theft or other types of illegal code execution at the system kernel level. To achieve that, the attacker has to breach kernel security by exploiting Thunderbolt weaknesses.
First, the hacker connects a malware-infested device to a PC via the Thunderbolt hardware interface.
Then, the Thunderspy hacking tool disables Thunderbolt firmware’s security features.
In a successful attack, the malware bypasses Windows system security measures like sign-in. It then becomes possible to steal, spy, or manipulate data without restrictions.
The threat is so scary that an attacker does not need to know your password to breach your PC.
It appears that Thunderspy is not a remote code execution (RCE) attack. Thus, it requires the malicious actor to have physical access to the target device.
Secured-core PCs
Microsoft is talking up secured-core tech as the backbone of hardware-backed PC security.
These personal computers have built-in hardware and firmware that protect them from Thunderspy or similar DMA infringements.
For starters, hardware-backed PCs support Kernel DMA protection. This security layer makes it difficult for Thunderspy malware to read or write to system memory.
The devices also leverage the Windows Defender System Guard and hypervisor-protected code integrity (HVCI).
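To check whether a given Windows PC is actually running the protections named above, the following PowerShell sketch reads the `Win32_DeviceGuard` CIM class and reports the state of HVCI and System Guard Secure Launch. It is an added example, not code from the article or from Microsoft; the function name `Get-SecuredCoreReport` is hypothetical, and it assumes an elevated PowerShell session on Windows 10 or 11.

```powershell
# Added example: summarize the virtualization-based security (VBS) state that
# HVCI and System Guard depend on. Get-SecuredCoreReport is a hypothetical name.

# Value meanings as documented for the Win32_DeviceGuard class.
$VbsStatusText = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }

function Get-SecuredCoreReport {
    param([Parameter(Mandatory)] $DeviceGuard)

    # The class returns UInt32 arrays; cast to [int] so -contains and the
    # hashtable lookup compare like with like. Empty arrays become @().
    $running   = @($DeviceGuard.SecurityServicesRunning     | Where-Object { $null -ne $_ } | ForEach-Object { [int]$_ })
    $available = @($DeviceGuard.AvailableSecurityProperties | Where-Object { $null -ne $_ } | ForEach-Object { [int]$_ })

    [pscustomobject]@{
        VbsStatus              = $VbsStatusText[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        HvciRunning            = $running   -contains 2   # hypervisor-protected code integrity
        SecureLaunchRunning    = $running   -contains 3   # System Guard Secure Launch
        SecureBootAvailable    = $available -contains 2
        DmaProtectionAvailable = $available -contains 3   # platform DMA protection (IOMMU) for VBS
    }
}

try {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
} catch {
    Write-Warning "Could not query Win32_DeviceGuard: $($_.Exception.Message)"
    return
}

$report = Get-SecuredCoreReport -DeviceGuard $dg
$report | Format-List

# Flag the gaps a defender would want to follow up on.
if ($report.VbsStatus -ne 'Running') { Write-Warning 'VBS is not running, so HVCI cannot be enforced.' }
if (-not $report.HvciRunning)            { Write-Warning 'HVCI (memory integrity) is not running.' }
if (-not $report.SecureLaunchRunning)    { Write-Warning 'System Guard Secure Launch is not running.' }
if (-not $report.DmaProtectionAvailable) { Write-Warning 'Platform DMA protection is not reported as available.' }
```

The `DmaProtectionAvailable` field reflects the platform property that VBS reports, not the per-port Thunderbolt setting; the Kernel DMA Protection state itself is shown in System Information (`msinfo32`) under "Kernel DMA Protection".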
Don Sharpe
Tech Journalist
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.