Hardware-backed PC security to thwart Thunderspy attacks

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • The concept of hardware-backed PC security is gaining momentum day by day.
  • Microsoft backs secured-core PCs as a counter-measure against cyber threats like Thunderspy.
  • Visit the News page to learn more.
  • Check out our Cybersecurity hub to keep up-to-date with the latest PC hacking threats and solutions.

The concept of hardware-backed PC security is gaining momentum day by day. It is an outcome of industry stakeholders rethinking their cybersecurity strategies.

That is why, in the war against cyber attacks, Microsoft is pushing for a multi-faceted approach. The company argues that traditional anti-malware software or firewall defenses are inadequate today.

Therefore, it is advocating for the use of multiple strategies built around hardware-backed security or secured-core PCs. This approach is more effective in the prevention of Thunderspy or similar attacks.

What is a Thunderspy attack?

Thunderspy is a type of hacking that exploits direct memory access (DMA). A recent report by scientists at the Eindhoven University of Technology shows how it works.

The end-game for Thunderspy is data theft or other types of illegal code execution at the system kernel level. To achieve that, the attacker has to breach kernel security by exploiting Thunderbolt weaknesses.

First, the hacker connects a malware-infested device to a PC via the Thunderbolt hardware interface.

Then, the Thunderspy hacking tool disables Thunderbolt firmware’s security features.

In a successful attack, the malware bypasses Windows system security measures like sign-in. It then becomes possible to steal, spy, or manipulate data without restrictions.

The threat is so scary that an attacker does not need to know your password to breach your PC.

It appears that Thunderspy is not a remote code execution (RCE) attack. Thus, it requires the malicious actor to have physical access to the target device.

Secured-core PCs

Microsoft is talking up secured-core  tech as the backbone of hardware-backed PC security.

These personal computers have built-in hardware and firmware that protect them from Thunderspy or similar DMA infringements.

For starters, hardware-backed PCs support Kernal DMA protection. This security layer makes it difficult for Thunderspy malware to read or write to system memory.

The devices also leverage the Windows Defender System Guard and hypervisor-protected code integrity (HVCI).

You can always leave your questions or suggestions in the comments section below.

This article covers:Topics: