Security Researcher Björn Ruytenberg at Eindhoven University of Technology has exposed a massive hole in the security of all devices that come with a Thunderbolt port. He revealed that using a relatively simple technique dubbed ‘Thunderspy,’ attackers can retrieve data from these computers within five minutes.
What made Thunderbolt such a massive hit within the computer hardware community is the transfer speed it offers its users. These ports can essentially give devices direct access to a computer’s memory, which makes these extremely fast, when compared to the standard Universal Serial Buses. This direct access to memory also makes the computer vulnerable to many potential security breaches. These security breaches, named Thunderclap, were first thought of as avoidable; researchers suggested simply disabling the Thunderbolt, allowing access only to the DisplayPort or the USB-C devices that plug in.
Ruytenberg has since revealed that even with the Thunderbolt disabled, hackers and attackers can gain access to your data by simply having physical access to your device, a screwdriver, and some “easily portable hardware.” Also, the breach itself does not leave any trace, meaning the user would never know that an attack had ever taken place.
Ruytenberg developed a concept he named, “The evil maid attack.” He said, in his statement, that all the attacker (who, in this case is being referred to as the ‘evil maid’) has to do is, “unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access.” He mentioned that all of this could be done in under five minutes.
This whole attack, Ruytenberg said, could cost the attackers as low as $400. Intel recently announced a Thunderbolt security system, the Kernel Direct Memory Access Protection. The protection it offers, however, is only for devices manufactured in 2019 or later, so devices manufactured and sold before that remain unprotected. There are also a list of HP, Dell, and Lenovo devices manufactured in 2019 or later that the system does not work on.
Apple devices equipped with Thunderbolt do, however, remain unaffected unless they are running Boot Camp.
To protect yourself against the attacks, Ruytenberg suggested that users should ensure the physical safety of their devices and avoid leaving their systems unattended in public areas, “while powered on, even if screenlocked.”