A new flaw called Thunderspy was found by security researcher Björn Ruytenberg in the security protocols of Intel’s Thunderbolt ports.
It can allow an attacker to bypass the login screen and hard disk encryption and gain full access to Windows or Linux-based computers. The Thunderbolt port is found in millions of laptops and PCs worldwide and allows fast data transfer speeds from external devices.
Thunderspy is a type of security vulnerability that can result in an evil maid attack (i.e., one where an attacker targets an unattended device). For this attack, the attacker needs physical access to the computer.
Ruytenberg states, “All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop.”
An attacker can gain full access to the information with only a few minutes alone with the computer, without leaving any trace of intrusion. The flaw may affect millions of computers manufactured before 2019, and some made after that.
Computers purchased before 2019 do not have a fix available. Owners of computers purchased after 2019 should check whether their system supports Kernel DMA Protection, which mitigates the vulnerability.
Intel has a security mechanism known as Kernel Direct Memory Access Protection, which prevents Ruytenberg’s Thunderspy attack. Many Thunderbolt peripherals made before 2019 are incompatible with Kernel DMA Protection.
Dell machines, including those from 2019 or later, do not have Kernel DMA Protection, and a few HP and Lenovo models from 2019 or later use it. Computers running Apple’s macOS are unaffected.
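One way to perform that check on a Linux machine, as an added example that is not from the original article or from Ruytenberg: the script reads the Thunderbolt driver's sysfs attributes `security` and `iommu_dma_protection` for each Thunderbolt domain. The function names are hypothetical, and it assumes a kernel recent enough to expose `iommu_dma_protection`.

```shell
#!/bin/sh
# Added example (not from the article): report whether each Thunderbolt
# domain on a Linux host is covered by IOMMU-based Kernel DMA Protection.
# Assumption: the thunderbolt driver exposes, per domain, the sysfs
# attributes "security" and "iommu_dma_protection" (1 = IOMMU in use).
# Function names are hypothetical.

# check_domain DIR: print one status line for a single domain directory.
check_domain() {
    d=$1
    sec=unknown
    dma=unknown
    [ -r "$d/security" ] && sec=$(cat "$d/security")
    [ -r "$d/iommu_dma_protection" ] && dma=$(cat "$d/iommu_dma_protection")
    # The verdict relies only on the DMA-protection flag, the mitigation the
    # article names; the security level is printed for context.
    case $dma in
        1) verdict=protected ;;
        0) verdict=exposed ;;
        *) verdict=unknown ;;   # attribute missing, e.g. an older kernel
    esac
    printf '%s security=%s iommu_dma_protection=%s verdict=%s\n' \
        "$(basename "$d")" "$sec" "$dma" "$verdict"
}

# thunderspy_check [SYSFS_ROOT]: check every domain under SYSFS_ROOT.
# Returns 0 if all domains are protected, 1 if any is exposed or unknown,
# 2 if no Thunderbolt domain exists (no controller visible to the kernel).
thunderspy_check() {
    root=${1:-/sys/bus/thunderbolt/devices}
    found=0
    rc=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue
        found=1
        line=$(check_domain "$dom")
        echo "$line"
        case $line in
            *verdict=protected) ;;
            *) rc=1 ;;
        esac
    done
    if [ "$found" = 0 ]; then
        echo "no Thunderbolt domains under $root"
        return 2
    fi
    return "$rc"
}
```

Call `thunderspy_check` with no argument to inspect the live system; a non-zero exit status means at least one domain is not reported as protected.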
Ruytenberg states that the flaws he found extend to Intel’s hardware and can’t be fixed with a mere software update. He says that, in order to be fully protected, users may disable their Thunderbolt port altogether in their computer’s BIOS, though the process of doing so will be different for every affected PC. In addition to disabling Thunderbolt in BIOS, users will also need to enable hard disk encryption and turn their computers off entirely when unattended.