Microsoft confirmed the presence of a vulnerability that puts Windows users at serious risk. The threat comes with Thunderbolt ports.
Microsoft warned all Windows users to be vigilant with the potential presence of a serious security threat. The risk covers all Windows PCs with Thunderbolt ports.
Microsoft said that all a hacker needs to launch an attack is five minutes alone with the computer. The Thunderbolt ports play as the entrance point for a hacker to successfully intrude on a Windows PC.
Thunderspy can bypass security settings
Björn Ruytenberg, a Eindhoven University of Technology researcher discovered and exposed the vulnerability to the public. He named it “Thunderspy” because the attack gets in through the Thunderbolt ports.
The researcher said that Thunderspy can bypass security settings such as PC lock and disk encryption enabling. It can even go through strong system passwords, secure boot setup, and suspending or locking a PC.
Once a hacker successfully intruded a device through the Thunderbolt port, he gains physical access to the Windows PC. The attacker can then modify the controller firmware of the port to disable its security and intrude on the system.
Microsoft confirmed that through the “Thunderspy”, even password-protected systems can be invaded. The attack even bypasses the encryption then reads and copies data from a Windows PC in a short period of time.
The software giant added that the spy could sign in on any device that a hacker has physical access to. Aside from copying data, the attack could also launch malicious software on the victim’s device.
Who is susceptible to the Thunderspy attack
Users who travel and leave their laptops in hotels are the ones that the hackers target. Once the device owner is out, they could slip into the rooms, launch the attack on the Windows PCs and leave as though nothing happened.
Philip Ingram, a former British intel officer said that he handled some complaints about the issue in the past. He said that one of the reported cases claimed that he found screws from his laptop on the table. This was after stepping out for a few minutes of walk.
Security professionals who are aware of the attack that they call evil made have their way to keep their devices safe in hotels. They always put the do not disturb sign even when they are not around.
Windows users can protect their devices from Thunderspy
Microsoft gave out a few tips on how Windows users can keep their devices protected from Thunderspy. One is to choose a laptop with the Kernel DMA protection enabled.
Another way to protect the Windows PC is to always consider the device compromised whenever it has been away from the user’s sight for minutes. Microsoft added to always have a separate copy of the data needed for a specific meeting.
Image courtesy of Worawee Meepian/Shutterstock