“Thunderspy” Threatens to Leave Your PC Subject to Physical Security Attacks
A new security flaw called “Thunderspy” makes millions of computer subject to a potential physical security attack where hackers would be able to access someone’s computer in just a matter of minutes. Security researcher Bjorn Ruytenberg revealed that if a hacker obtained access to the thunderbolt port on the target machine, in just a few minutes an attacker can read and copy data on the PC even if it’s locked or asleep.
In his report, Ruytenberg stated that Intel’s Thunderbolt design had seven total vulnerabilities that were discovered. He states that it is possible for someone to bypass the computers security to steal data from encrypted drives and memory with just “5 minutes alone with the computer, a screwdriver, and some easily portable hardware.”
Thunderbolt began to rise in popularity in 2011 when Apple and some Windows PC makers embraced the technology. It’s popular in high-end computing where a multipurpose connector is required. One Thunderbolt port can link external monitors, storage, network adapters and more.
Bjorn has developed a free open-source tool called Spycheck for Windows and Linux machines that can determine whether or not your machine is vulnerable to a Thunderspy attack, and then will offer recommendations on how you can protect your system.
In a statement Intel said that Thunderspy-type attacks were mitigated with Kernal Direct Memory Access Protection, however this feature isn’t available on machines constructed before 2019. In the statement, Intel also suggested that people should only use trusted peripherals to decrease the likelihood of unauthorized access to their machine.
Story via CNet