Published in News

Thunderbolt enables hackers hard drive access

by on12 May 2020

All Thunderbolt-enabled PCs manufactured before 2019 affected

Vulnerabilities discovered in the Thunderbolt connection standard could allow hackers to access the contents of a locked laptop’s hard drive within minutes, according to an insecurity researcher from the Eindhoven University of Technology.

Wired reports that the vulnerabilities affect all Thunderbolt-enabled PCs manufactured before 2019.

Although hackers need physical access to a Windows or Linux computer to exploit the flaws, they could theoretically gain access to all data in about five minutes even if the laptop is locked, password protected, and has an encrypted hard drive.

The entire process can be completed with a series of off the shelf components costing just a few hundred dollars. Most worryingly, the researcher says the flaws cannot be patched in software, and that a hardware redesign will be needed to completely fix the problems.

Apple’s Macs have offered Thunderbolt connectivity since 2011, but researchers say that they’re only “partially affected” by Thunderspy if they’re running macOS. The result, the report claims, is that macOS systems are vulnerable to attacks similar to BadUSB. This is a security flaw that emerged back in 2014 which can allow an infected USB device to take control of a computer, steal data, or spy on a user.

Björn Ruytenberg, the researcher who discovered the vulnerabilities, has posted a video showing how an attack is performed. In the video, he removes the backplate and attaches a device to the inside of a password-protected Lenovo ThinkPad laptop, disables its security, and logs in as though he had its password. The whole process takes about five minutes.

Security issues have been raised about Intel’s Thunderbolt tech for a while. In 2019, security researchers revealed a Thunderbolt vulnerability they called “Thunderclap” which allowed seemingly innocuous USB-C or DisplayPort hardware to compromise a device. Security problems like these are reportedly the reason Microsoft hasn’t added Thunderbolt connectors to its Surface devices.

In a blog post responding to the report, Intel claims that the underlying vulnerability is not new, and that it was addressed in operating system releases last year. However, Wired reports that this Kernel Direct Memory Access (DMA) Protection has not been universally implemented.

Ultimately, Ruytenberg says that the only way for users to fully prevent against such an attack is for them to disable their computer’s Thunderbolt ports in their machine’s BIOS, enable hard drive encryption, and turn off their computer when leaving it unattended.


Last modified on 12 May 2020
Rate this item
(0 votes)

Read more about: