Microsoft is warning Windows PC owners about a security flaw with Thunderbolts, in which its controller firmware can be modified to disable its security. All PCs with the said port are at risk, except newly released models that come with Kernel DMA protection.
Security expert Bjorn Ruytenberg calls the threat "Thunderspy," and is warning PC users that suspending or locking their PCs is not enough to secure the device. Enabling disk encryption doesn't help either, neither creating a complicated password nor setting up a Secure Boot. All it takes for an attacker to compromise a device is "five minutes alone with a computer," as Ruytenberg puts it.
Though physically attacking a computer is rare and considered high-risk, it can happen. You could be at a cafe and leave your PC for a few minutes to go to the restroom -- that's already an opportunity for attackers. It can also happen in hotels, wherein an attacker can pose as a cleaning attendant and gain access to your machine without your knowledge.
According to Microsoft, since Thunderspy exploits hardware vulnerability, it cannot be patched. The only way to remedy an already attacked machine is to replace it. And don't just buy any kind of PC -- choose something with a "Secured core."
Secured-core PCs were introduced in 2019 and are equipped with every security feature, both hardware and firmware need. In a report by Forbes, the author notes that Intel has confirmed that Thunderspy won't be successfully carried out if the system has Kernel DMA protection, a feature that's available on Microsoft's Secured-core devices.
Microsoft is offering a variety of Secured-core PCs for business users, particularly those who need to travel a lot and have to leave their PCs for periods. These include politicians, negotiators, VIPs, and business personalities.
If you don't own a Secured-core PC, it's recommended that you must always assume that your device has been compromised each time you leave it. For individuals who have to store sensitive information on their PCs, it is best to acquire a burner device and only get the files that you need when taking it with you on a business trip.
Thunderspy is a huge threat to anyone who keeps important and sensitive info on their PCs, but realistically, it only affects a small percentage of users. However, it still must not be taken lightly. So in case, you're planning to buy a new PC, consider something with a Kernel DMA protection.
