Do you own a Thunderbolt equipped laptop, and have bought it after 2011? Well, we’ve news for YOU. 7 newly discovered Intel Thunderbolt vulnerabilities have exposed your device to hackers. Learn what to do?
How many times have you heard the advice “Don’t leave your laptop unattended” and didn’t really follow through. Turns out, the warnings were right all along, and referred to circumstances like this. In a shocking new tech-news, a Dutch researcher has come through and demonstrated how a hacker can gain full access to your computer in mere 5 minutes.
His research is based on Thunderbolt, a hardware interface developed by Intel and Apple, which has now become the center of attention with several fresh vulnerabilities coming to light. To detail, Thunderbolt is an advanced technology that provides high performance data and displays through a single port. It provides DC power, Display Ports and PCI Express all in one cable for easier management. Most commonly seen in Apple Macs, Windows, and possibly every other currently in-use laptop/ desktops.
But on May 10, 2020, Björn Ruytenberg, a dutch researcher from Eindhoven University of Technology reported his study on multiple Thunderbolt flaws and how they can be exploited. His research includes 7 unpatchable hardware vulnerabilities and 9 attack methods, which are collectively called ‘Thunderspy’. As obvious the target device must have a Thunderbolt port, and must be physically accessible for the threat actor. Ruytenberg came up with multiple distinct, practical scenarios on how to hack a PC using Thunderbolt.
The attack works by gaining read/ write permissions of the system’s storage, and eventually accessing all available data. The scariest part is that this hack is not dependent on logging in the system; contrary to popular belief here the infiltration can happen on locked out, or even sleeping computers, bypassing Intel’s high security design and parameters. No system security best practices like OS passwords, secure boot, robust BIOS or disk encryption can save you.