Thunderbolt ports vulnerable to hands-on hacks2020-05-12 17:51 by Daniela
Tags: Thunderbolt, hackers
Security researcher Björn Ruytenberg with the Eindhoven University of Technology recently published a report detailing a series of serious security vulnerabilities in Thunderbolt 2 and Thunderbolt 3, collectively called "Thunderspy."
The attack specifically targets Thunderbolt technology, which is a hardware interface developed by Intel (in collaboration with Apple) that allows users to consolidate data transfer, charging and video peripherals into a single connector. While Apple first introduced Thunderbolt ports on its MacBook Pro in 2011, the technology has also been widely adopted with varying PCs such as Dell, HP and Lenovo. The vulnerabilities are present in all machines with Thunderbolt/Thunderbolt-compatible USB-C ports shipped between 2011 and 2020.
Although hackers need physical access to a Windows or Linux computer to exploit the flaws, they could theoretically gain access to all data in about five minutes even if the laptop is locked, password protected, and has an encrypted hard drive. The entire process can reportedly be completed with a series of off-the-shelf components costing just a few hundred dollars. Perhaps most worryingly, the researcher says the flaws cannot be patched in software, and that a hardware redesign will be needed to completely fix the issues.
Ultimately, Ruytenberg says that the only way for users to fully prevent against such an attack is for them to disable their computer's Thunderbolt ports in their machine's BIOS, enable hard drive encryption, and turn off their computer when leaving it unattended.
Read more -here-