Björn Ruytenberg, a researcher at the Eindhoven University of Technology, has revealed a new security flaw in Thunderbolt ports that allows millions of computers to be hacked, bypassing their lock screen without entering the password and accessing the information they store. The attack has been dubbed Thunderspy.
Hacking requires physical access to the machineBut, according to the researcher, the process can be completed in just five minutes. “All the attacker needs is to remove the backplane, momentarily plug in a device, reprogram the firmware, put the backplane back in,” Ruytenberg told WIRED magazine.
Which computers are vulnerable to Thunderspy and how to protect them
Thunderspy affects, to a greater or lesser extent, tAll computers with a Thunderbolt port sold since 2011. However, there are some nuances to consider:
Select Windows or Linux models sold starting in 2019 include Intel Kernel DMA protection. If it is active, the machine is only partially vulnerable.
Most Apple computers announced as of 2011 include Thunderbolt ports. If the computer is running macOS, Ruytenberg ensures that the machine is only partially vulnerable. If, on the other hand, the Mac is running Windows or Linux (through Boot Camp), the security measures around the Thunderbolt ports are disabled and the machine is completely vulnerable.
To check whether a computer is susceptible to attack, researchers have released the Spycheck tool. This is compatible, for the moment, with Windows and Linux.
The researcher behind Thunderspy says that if a computer doesn’t have Kernel DMA protection, this will always be vulnerable. Ruytenberg assures that the problem cannot be solved with a simple software update. “Basically, they will have to do a redesign of the silicon,” he explained to WIRED.
The only way to completely protect a computer vulnerable to Thunderspy, according to Ruytenberg, is taking the following precautions:
Connect only trusted Thunderbolt peripherals.
Do not leave your computer on, locked, or idle without owner supervision in untrusted environments. If the computer is not completely shutdown, a hacker with physical access to the machine could, within minutes, execute the Thunderspy attack and bypass the operating system lock screen. The only way to protect the machine, therefore, is to turn it off completely.
Disable Thunderbolt ports in the machine’s BIOS (if possible).
Does not affect USB-C
Thunderbolt technology, developed by Intel, allows, using the same connector (Mini DisplayPort in the case of Thunderbolt 1 and 2, USB-C in the case of Thunderbolt 3), to transfer data at a very high speed, drive high resolution external screens and provide power to others devices, among other things.
Although Thunderbolt 3 and USB-C go hand in hand, these terms are not exactly the same. USB-C is, simply, the connector, while Thunderbolt 3 is a technology that leans on this port. A USB-C computer, therefore, may not be compatible with Thunderbolt 3 – see first generation 12-inch MacBook. In that case, Thunderspy would not affect the machine.
Different generations of Thunderbolt technology have been present in multiple Apple products during the last decade. However, this is not the only company that makes use of it. Currently, it is possible to find infinity of equipment from different manufacturers compatible with this technology.
👇 More in Hypertextual