Categories: NewsTech

Thunderbolt vulnerability allows hackers into PCs and certain Macs ‘in minutes’

A security researcher from the Eindhoven University of Technology, Björn Ruytenberg announced that there are vulnerabilities discovered in the Thunderbolt connection standard that could allow hackers to access the contents of a locked laptop within minutes. This not only referred to Windows computers, but also Apple Macs with Boot Camp installs of Windows and Linux.

Thunderspy

A YouTube video posted by the same researcher also detailed how a hacker could get access to a locked Lenovo P1 as an example. He only needed a few minutes of physical access to the locked laptop, as well as “some easily portable hardware” to bypass a computer’s security mechanisms—even if it’s locked and its hard drive is encrypted. He named the vulnerability “Thunderspy”.

“Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep,” wrote Ruytenberg.

The process involves unscrewing the backplate of the laptop, interfacing with the Thunderbolt controller with a single-board computer, rewriting the controller firmware and disabling security features. As a result, Ruytenberg was able to bypass the password lock screen on the device in just five minutes.

While this vulnerability can’t be successfully done if you’re careful with where you put your laptop, there can be what security experts call an “evil maid attack”. The attack refers to the types of hacking that require physical access to a device, like a laptop left alone in a hotel room.

How Thunderspy affects Macs

The vulnerability, which is un-patchable by software, affects all Thunderbolt-equipped PCs manufactured before 2019. As for Macs, they are only “partially affected”. This means that hackers wouldn’t be able to get access Macs as long as a user is running macOS instead of Windows or Linux via Boot Camp. Macs running Windows or Linux on Boot Camp, however, are just as vulnerable as other PCs.

“Running Windows or Linux using the Boot Camp utility disables all Thunderbolt security. Therefore, your system is trivially affected by Thunderspy,” said Ruytenberg.

In Ruytenberg’s vulnerability disclosure procedure, Apple has also stated that some of the hardware security features Ruytenberg outlined are only available when users run macOS. If users are concerned about any of the issues in his paper, they recommend that people use macOS.

How do you check to determine if your system is vulnerable?

Ruytenberg has made available a free and open-source tool, Spycheck to determine if your system is vulnerable. If it is found to be vulnerable, the tool can guide you to recommendations on how to help protect your system.

“We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios how these could be exploited by a malicious entity to get access to your system, past the defences that Intel had set up for your protection,” he wrote. You can read more information about Spycheck here.

Ultimately, Ruytenberg says that the only way for users to fully prevent against such an attack is for them to disable their computer’s Thunderbolt ports in their machine’s BIOS, enable hard drive encryption, and turn off their computer when leaving it unattended. And while most macOS users are largely safe from the vulnerability, it’s still a good idea to avoid plugging in untrusted peripherals or storage devices.

We also previously reported that Microsoft decided against including Thunderbolt support due to the susceptibility of having a “direct memory access port”.

[ SOURCE, 2 ]

Related reading

Recent Posts

DC Handal deploys 4 EV charge points at Pearl City Mall Penang

DC Handal has just turned on its new EV chargers at Pearl City Mall which…

15 hours ago

redONE Mobile and Sinar Harian to Host FIFA World Cup Final Live Screening in Shah Alam

Malaysian Mobile Virtual Network Operator (MVNO) redONE Mobile has announced a collaboration with media outlet…

1 day ago

Samsung Galaxy Z Fold 8 and Z Fold 8 Ultra promo images leak ahead of launch

The Samsung Galaxy Z Fold 8 and Z Flip 8 foldables are scheduled to be…

1 day ago

ChargEV deploys additional EV chargers at Aeon Mall Cheras Selatan, up to 180kW

ChargEV has deployed additional chargers at Aeon Mall Cheras Selatan, bringing the total number of…

1 day ago

Apple Back to School 2026: Get up to RM600 Gift Card when you buy Mac or iPad

Apple has kicked off its new Back to School promo in Malaysia, which offers students…

1 day ago

6 Places You Can Watch the FIFA World Cup 2026 Finals Live in Malaysia

It has been a thrilling month filled with late-night matches and dramatic goals, and we…

2 days ago

This website uses cookies.