Home / Technology / A Thunderbolt vulnerability in millions of computers enables a dangerous (but unlikely) attack

A Thunderbolt vulnerability in millions of computers enables a dangerous (but unlikely) attack

Björn Ruytenberg, a researcher at the University of Eindhoven in the Netherlands, identified a security vulnerability in Thunderbolt port that could allow a hacker to enter a computer in a few minutes and access all of its data, even if the owner of the computer has security has taken precautions.

“If your computer has such a port, an attacker who has short physical access to it can read and copy all of your data, even if your drive is encrypted and your computer is locked or in sleep mode,” Ruytenberg said in the report . He called the hacking technique “Thunderspy”.

“Thunderspy is stealth, which means you can’t find any traces of the attack,”
; he said. In contrast to other types of attacks such as phishing, the attack does not require any involvement of the computer user.
Developed by Intel (INTC) In 2011, the Thunderbolt port enables fast data transmission. It is present on many PC and Apple laptops and – increasingly – some desktops. Although Intel recently developed a tool to address port security concerns, it’s not available on computers built before 2019.
Ruytenberg demonstrated the attack, which lasted only about five minutes, in a YouTube video that was released along with the report.

Intel says that if users take normal security precautions and don’t leave their computers in a place that a hacker could access for even a few minutes – even if they have encrypted drives – they shouldn’t worry about this type of drive.

While the Thunderspy attack is technically possible on many computers with a Thunderbolt connection, the hacker must have physical access to the computer for a few minutes – enough time to unscrew the back of a laptop, connect a device to the Thunderbolt and overwrite it the security features on the back of the laptop and then access the data on the computer.

Most people probably don’t have enough valuable data on their computers for a hacker to attempt such a targeted attack. Even beyond Thunderspy, security experts have long warned of risks that could arise if a hacker were given physical access to a computer.

A group of security researchers identified several security vulnerabilities related to Thunderbolt ports last year. In response, Intel developed a tool called Kernel Direct Memory Access (DMA) to ward off such attacks, which was implemented in the major operating systems of Windows, Linux, and Mac in 2019, said Jerry Bryant, Intel’s communications director for product safety and security in a blog post Sunday .

The underlying vulnerability, identified by Ruytenberg’s Thunderspy technique, is the same as that fixed by this mitigation tool, Byrant said in the post. The company added that Ruytenberg did not demonstrate successful attacks against machines with the DMA tool enabled.

However, Ruytenberg pointed out that systems released before 2019 and some newer systems without kernel DMA protection enabled could still be vulnerable to a Thunderspy attack. He released a free, open source tool that users can use to determine if their computers are at risk. Users can also contact their device manufacturers to find out whether kernel DMA is enabled on newer devices.

“For all systems, we recommend that you follow standard security practices, including using only trusted peripherals and preventing unauthorized physical access to computers,” said Bryant of Intel. “As part of the Security First Pledge, Intel will continue to improve the security of Thunderbolt technology.”

Source link