Almost all laptops and desktops released before 2019 are affected by a severe hardware flaw affecting the Thunderbolt port.
Researchers at the Dutch University of Eindhoven uncovered a hardware security breach in the Thunderbolt using the Thunderspy hack tool they developed.
The protections put in place by Intel for the Thunderbolt did not resist. And the vulnerability in question is impossible to correct by a software update.
PCs with a Thunderbolt port and which date from before 2019 can in practice have their data hacked in 5 minutes, without leaving a trace. However, this still requires physical access to the machine in question.
Computers with DMA (Direct Memory Access) kernel protection are protected. This is the case for only a few PCs from HP and Lenovo. Some MacBooks running macOS are also affected.
The researchers provide a flaw detection tool, which can be downloaded from the thunderspy.io website. If it is present, it is in your interest to keep a watchful eye on your PC, especially if it contains sensitive data.
Thunderbolt port: A security flaw allows to hack all your data in 5 minutes
Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive has encryption and your computer is off or set to sleep.
Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption. All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.
We have found 7 vulnerabilities in Intel’s design. And we have developed 9 realistic scenarios how these could be exploited by a malicious entity. This in order to get access to your system, past the defenses that Intel had set up for your protection.
We have developed a free and open-source tool, Spycheck, to determine if your system is vulnerable. If it is vulnerable, Spycheck will guide you to recommendations on how to help protect your system.