Security researchers recently confirm a vulnerability that takes advantage of Thunderbolt ports in many personal computers.
The hack only takes a couple of minutes to execute. However, hackers need to have physical access to the target computer to execute it.
Security experts simply call it Thunderspy. The attack takes advantage of an unsecure Intel Thunderbolt ports that are commonly found in many personal computers. The researchers note that PCs manufactured before 2019 are prone to this new attack.
What are the targets
Bjorn Ruytenberg is the Dutch security researcher that first reported the vulnerability. He claims that he can pull off the hack in just a matter of minutes, as long as he has a physical access to the device.
Thunderbolt ports are some of the most common ports found in many personal computers. The hack can be executed on both Windows and Linux operating systems, as long as they have a Thunderbolt port.
In a statement, Mr. Ruytenberg says:
“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access of the laptop.”
There are different kinds of approach in executing the hack. The hardest of which requires opening the backplate of the laptop in order to deliver the payload.
The scariest part of the hack is that it is completely untraceable. Though the hacker needs to have physical access to the target device, the entire hack can be execute without any trace of intrusion.
The vulnerability
Security researches have long been doubtful about the security features of the Thunderbolt port. This particular port provides high-speed data transfer. However, it opens up a lot of vulnerabilities to the device.
This has been a long time coming. Today we release Thunderspy. Find full details at https://t.co/TkanJmzCk6. Thanks to @a_greenberg for reporting. #Thunderspy #Intel #Thunderbolt https://t.co/WR9hGfJCbB
— Björn Ruytenberg (@[email protected]) (@0Xiphorus) May 11, 2020
One of the main reasons why the Thunderbolt port is fast is due to the fact that it gives direct access to the computer’s memory. This leaves a lot of vulnerabilities for malicious users to exploit.
Last year, a group of security researchers presented a hack known as Thunderclap. The hack can completely bypass all security measures by simply plugging a compromised device into a Thunderbolt port.
As a security precaution, experts recommend that users take advantage of a feature they call “security levels.” This feature does not allow untrusted devices to access the port.
In order to mitigate these hacks, Intel launch a security project it calls Kernel Direct Memory Access Protection. This feature does provide additional security measures for the Thunderbolt port. However, it would appear that it is still no enough.
Image courtesy of Mk2010/Wikimedia Commons