Björn Ruytenberg, a researcher at the University of Eindhoven in the Netherlands, identified a security vulnerability in Thunderbolt port that could allow a hacker to enter a computer in a few minutes and access all of its data, even if the owner of the computer has security has taken precautions.
“If your computer has such a port, an attacker who has short physical access to it can read and copy all of your data, even if your drive is encrypted and your computer is locked or in sleep mode,” Ruytenberg said in the report . He called the hacking technique “Thunderspy”.
Intel says that if users take normal security precautions and don’t leave their computers in a place that a hacker could access for even a few minutes – even if they have encrypted drives – they shouldn’t worry about this type of drive.
While the Thunderspy attack is technically possible on many computers with a Thunderbolt connection, the hacker must have physical access to the computer for a few minutes – enough time to unscrew the back of a laptop, connect a device to the Thunderbolt and overwrite it the security features on the back of the laptop and then access the data on the computer.
Most people probably don’t have enough valuable data on their computers for a hacker to attempt such a targeted attack. Even beyond Thunderspy, security experts have long warned of risks that could arise if a hacker were given physical access to a computer.
The underlying vulnerability, identified by Ruytenberg’s Thunderspy technique, is the same as that fixed by this mitigation tool, Byrant said in the post. The company added that Ruytenberg did not demonstrate successful attacks against machines with the DMA tool enabled.
However, Ruytenberg pointed out that systems released before 2019 and some newer systems without kernel DMA protection enabled could still be vulnerable to a Thunderspy attack. He released a free, open source tool that users can use to determine if their computers are at risk. Users can also contact their device manufacturers to find out whether kernel DMA is enabled on newer devices.
“For all systems, we recommend that you follow standard security practices, including using only trusted peripherals and preventing unauthorized physical access to computers,” said Bryant of Intel. “As part of the Security First Pledge, Intel will continue to improve the security of Thunderbolt technology.”