Spycheck: the Tool to Check Thunderspy Vulnerability

One of the biggest security threats that we can suffer are vulnerabilities. They can be present in all kinds of devices and systems. Hackers can take advantage of these existing security flaws to carry out their attacks, steal passwords and information, and distribute malware. In this article we are going to talk about how to know if a device is vulnerable to Thunderspy .

What is the Thunderspy vulnerability

First, let’s talk about what the Thunderspy vulnerability is , for those readers who don’t know it. These are actually seven vulnerabilities that affect desktops as well as laptops equipped with a Thunderbolt 2 or Thunderbolt 3 family host controller that employ higher levels of security.

Spycheck: the Tool to Check Thunderspy Vulnerability

Keep in mind that all Microsoft operating systems from Windows 7 to Windows 10 and all versions of the Linux kernel from kernel 4.13 are affected. Apple Macintosh systems are partially affected only due to additional security measures that are implemented by default.

Therefore we can say that there are many users who may be affected by this problem. We already know that Windows 10 together with Windows 7 are by far the most widely used operating systems on desktop computers.

It should also be noted that all attacks require brief local access to the system, but the system itself may be locked or in a suspended state. Now a security researcher has created a program that checks devices with Thunderbolt ports . It is available for Windows 7 and higher, as well as Linux Kernel 3.16 and Python 3.4 or higher.

How to use Spycheck

This tool is called Spycheck . Once we use it, it asks us to identify the ports on the device that can be USB-C or Mini-DisplayPort with lightning symbol or without lightning symbol.

To use it, the first thing we have to do is download it from its page . There we will have to choose the version that suits our computer (Windows or Linux) and download it. Once executed we will have to choose the ports of the device, as mentioned above.

Spycheck, herramienta para detectar vulnerabilidad de Thunderspy

When we have chosen the correct port we simply have to press Next. Automatically we will see that in the new window it shows us a message. In case our team is not vulnerable it will show us a message like the one we see below.

Sistema no vulnerable a Thunderspy

This means that there is no danger and therefore our team is not vulnerable to this threat. Otherwise they would indicate that it is and we would have to take measures.

The importance of keeping the system updated

It is very important that we always have the system updated . On many occasions vulnerabilities can arise, as we see. Hackers can take advantage of those errors to deploy their threats. A problem that can affect us regardless of the type of device or operating system we are using.

Luckily it is the developers themselves who release patches and security updates on a frequent basis. It is important that we install them as soon as they are available and thus avoid problems that may affect our privacy and security.