Categories: NewsTech

Thunderbolt vulnerability allows hackers into PCs and certain Macs ‘in minutes’

A security researcher from the Eindhoven University of Technology, Björn Ruytenberg announced that there are vulnerabilities discovered in the Thunderbolt connection standard that could allow hackers to access the contents of a locked laptop within minutes. This not only referred to Windows computers, but also Apple Macs with Boot Camp installs of Windows and Linux.

Thunderspy

A YouTube video posted by the same researcher also detailed how a hacker could get access to a locked Lenovo P1 as an example. He only needed a few minutes of physical access to the locked laptop, as well as “some easily portable hardware” to bypass a computer’s security mechanisms—even if it’s locked and its hard drive is encrypted. He named the vulnerability “Thunderspy”.

“Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep,” wrote Ruytenberg.

The process involves unscrewing the backplate of the laptop, interfacing with the Thunderbolt controller with a single-board computer, rewriting the controller firmware and disabling security features. As a result, Ruytenberg was able to bypass the password lock screen on the device in just five minutes.

While this vulnerability can’t be successfully done if you’re careful with where you put your laptop, there can be what security experts call an “evil maid attack”. The attack refers to the types of hacking that require physical access to a device, like a laptop left alone in a hotel room.

How Thunderspy affects Macs

The vulnerability, which is un-patchable by software, affects all Thunderbolt-equipped PCs manufactured before 2019. As for Macs, they are only “partially affected”. This means that hackers wouldn’t be able to get access Macs as long as a user is running macOS instead of Windows or Linux via Boot Camp. Macs running Windows or Linux on Boot Camp, however, are just as vulnerable as other PCs.

“Running Windows or Linux using the Boot Camp utility disables all Thunderbolt security. Therefore, your system is trivially affected by Thunderspy,” said Ruytenberg.

In Ruytenberg’s vulnerability disclosure procedure, Apple has also stated that some of the hardware security features Ruytenberg outlined are only available when users run macOS. If users are concerned about any of the issues in his paper, they recommend that people use macOS.

How do you check to determine if your system is vulnerable?

Ruytenberg has made available a free and open-source tool, Spycheck to determine if your system is vulnerable. If it is found to be vulnerable, the tool can guide you to recommendations on how to help protect your system.

“We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios how these could be exploited by a malicious entity to get access to your system, past the defences that Intel had set up for your protection,” he wrote. You can read more information about Spycheck here.

Ultimately, Ruytenberg says that the only way for users to fully prevent against such an attack is for them to disable their computer’s Thunderbolt ports in their machine’s BIOS, enable hard drive encryption, and turn off their computer when leaving it unattended. And while most macOS users are largely safe from the vulnerability, it’s still a good idea to avoid plugging in untrusted peripherals or storage devices.

We also previously reported that Microsoft decided against including Thunderbolt support due to the susceptibility of having a “direct memory access port”.

[ SOURCE, 2 ]

Related reading

Recent Posts

Malaysia Airlines’ new A330neo grounded temporarily due to production issues

Malaysia Airlines has temporarily grounded its brand new Airbus A330neo after completing four commercial flights.…

12 hours ago

Proton e.MAS 7: Here’s how much it cost to maintain this EV

Pro-Net recently revealed that you only need to service the new Proton e.MAS 7 EV…

2 days ago

Proton e.MAS 7: How much does it cost to replace the tyres?

The Proton e.MAS 7 is one of the most value for money SUVs at the…

2 days ago

Samsung to launch its new AI-powered home appliances with improved ecosystem integration at CES 2025

Samsung has announced that it will be holding its press conference titled "AI for All:…

2 days ago

SoyaCincau Awards 2024: The Best Phones of the Year

Modern smartphones are very capable computing devices, thanks to powerful hardware trickling down the price…

2 days ago

CelcomDigi offers 5G Home WiFi at RM69/month for Postpaid customers

If you're a CelcomDigi Postpaid 5G customer and can't get fibre broadband for your home,…

3 days ago

This website uses cookies.