Millions of PCs are vulnerable to a Thunderbolt port flaw
A major security flaw has been flagged in Intel's Thunderbolt port. The issue is said to be affecting millions of Windows and Linux PCs manufactured before 2019. It can reportedly be used by hackers to break into your system and steal all its data in a matter of minutes. Here's all you need to know about it.
Bypassing lockscreen, hard disk encryptions to steal data
As revealed by security researcher Björn Ruytenberg, a hacker having physical access to your old Thunderbolt-equipped machine could use a technique called 'Thunderspy' and gain access to the machine's data, Wired reported. The method, the researcher explained, works even when the device in question is locked with a password, its hard disk data is encrypted, and the Thunderbolt port access is disabled.
How they could break in?
According to the researcher, to carry out a Thunderspy attack on a vulnerable PC, a hacker just "needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware [controlling the Thunderbolt port], reattach the backplate." The reprogrammed firmware would let the hacker change Thunderbolt port settings and open the way for any malicious peripheral device to access it.
Attack hardware comes at just $400
Ruytenberg says the hardware for rewriting the Thunderbolt controller's firmware and overriding its security mechanisms comes at just $400 and could be miniaturized pretty easily in the future. It gives "full access to the laptop," he said, adding that the entire attack could be wrapped up in less than 5 minutes, without leaving a trace behind.
New Windows, Linux notebooks are protected
The vulnerability was disclosed to Intel in February, following which the company issued a statement clarifying that it has created a Thunderbolt security system called Kernel Direct Memory Access Protection to prevent Thunderspy attacks. However, the thing is, these protections are only available with select notebooks launched in 2019 or later. Older notebooks, including some newer ones from HP, Dell, Lenovo, are still unprotected.
Check for these protections, don't leave PC unattended
That said, to stay protected, you need to make sure if your notebook has Intel's Thunderbolt protection or not. If yes, you are good to go. But, in case the security protections are not there, you need to be careful while using the Thunderbolt port. This means you should make sure that it is only used with trusted devices.
Intel has issued a statement on the matter
Meanwhile, Intel says the researchers didn't demonstrate an attack on PCs with its latest mitigation. "Please check with your system manufacturer to determine if your system has these mitigations incorporated. For all systems, we recommend following standard security practices, including the use of trusted peripherals."
