「サンダースパイ」の版間の差分

'''サンダースパイ'''（{{Lang-en|Thunderspy}}）は、[[2020年]][[5月10日]]に初公表された[[Thunderbolt|Intel Thunderbolt端子]]に起因する[[脆弱性|セキュリティ脆弱性]]の一種。この脆弱性を用い、[[2019年]]以前に製造された（一部それ以降の製造分を含む）Intel Thunderbolt端子を搭載する多数の[[アップル_(企業)|Apple]]、[[Linux]]、[[Microsoft Windows|Windows]]搭載端末に対する[[悪意ある[[メイド攻撃]]により、数分で（所有者が離席しているわずかな間にも）コンピューター上の全アクセスを取得できる<ref name="WRD-20200510">{{cite news |last=Greenberg |first=Andy |title=Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking - The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019. |url=https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/ |date=10 May 2020 |work=[[Wired (magazine)|Wired]] |accessdate=11 May 2020 }}</ref><ref name="VRG-20200511">{{cite news |last=Porter |first=Jon |title=Thunderbolt flaw allows access to a PC’s data in minutes - Affects all Thunderbolt-enabled PCs manufactured before 2019, and some after that |url=https://www.theverge.com/2020/5/11/21254290/thunderbolt-security-vulnerability-thunderspy-encryption-access-intel-laptops |date=11 May 2020 |work=[[The Verge]] |accessdate=11 May 2020 }}</ref><ref name="FRBS-20200511">{{cite news |last=Doffman |first=Zak |title=Intel Confirms Critical New Security Problem For Windows Users |url=https://www.forbes.com/sites/zakdoffman/2020/05/11/intel-confirms-critical-security-flaw-affecting-almost-all-windows-users/ |date=11 May 2020 |work=[[Forbes]] |accessdate=11 May 2020 }}</ref><ref name="TSY-2020">{{cite news |last=Ruytenberg |first=Björn |title=Thunderspy: When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security |url=https://thunderspy.io/ |date=2020 |work=Thunderspy.io |accessdate=11 May 2020 }}</ref><ref name="SW-20200511">{{cite news |last=Kovacs |first=Eduard |title=Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks |url=https://www.securityweek.com/thunderspy-more-thunderbolt-flaws-expose-millions-computers-attacks |date=11 May 2020 |work=SecurityWeek.com |accessdate=11 May 2020 }}</ref><ref name="TP-20200511">{{cite news |last=O'Donnell |first=Lindsey |title=Millions of Thunderbolt-Equipped Devices Open to ‘ThunderSpy’ Attack |url=https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/ |date=11 May 2020 |work=ThreatPost.com |accessdate=11 May 2020 }}</ref><ref name="BN-20200511">{{cite news|last=Wyciślik-Wilson |first=Mark |title=Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines |url=https://betanews.com/2020/05/11/thunderspy-security-vulnerability/ |date=11 May 2020 |work=BetaNews.com |accessdate=11 May 2020 }}</ref><ref name="SR-20200511">{{cite news |last=Gorey |first=Colm |title=Thunderspy: What you need to know about unpatchable flaw in older PCs |url=https://www.siliconrepublic.com/enterprise/thunderbolt-port-hacker-vulnerability-thunderspy |date=11 May 2020 |work=SiliconRepublic.com |accessdate=12 May 2020 }}</ref>。この脆弱性の発見者であるBjörn Ruytenbergは「この脆弱性を利用して攻撃するには、筐体のネジを外して蓋を開け、一時的にデバイスを接続し、そのデバイスの[[ファームウェア]]を書き換え、筐体の蓋を閉めてネジを締めるだけでよい。これは5分以内に行うことができる」と述べている<ref name="WRD-20200510" />。