Thunderbolt Ports Vulnerable To Hackers

A security researcher has documented a flaw with the Thunderbolt port found on some computers, that can be hacked to allow attackers access to the hard disc drive (HDD), even if it is encrypted.

The attack, dubbed ‘Thunderspy’ was found by Björn Ruytenberg and concerns the hardware of the port, irrespective of the operating system used by the computer.

However it should be noted that the attackers would need to have physical access to the computer to exploit the vulnerability, begging the question of how serious the flaw will be in the real world.

Thunderspy exploit

“Thunderspy targets devices with a Thunderbolt port,” wrote Ruytenberg. “If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.”

Ruytenberg warned that Thunderspy works even if a user has followed best security practices by locking or suspending their computer when leaving briefly, and if the system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption.

“All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware,” noted Ruytenberg. “We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios how these could be exploited by a malicious entity to get access to your system, past the defenses that Intel had set up for your protection.”

Ruytenberg said he has developed a free and open-source tool, Spycheck, to determine if a person’s system is vulnerable.

A video of the exploit in action can be found here.

Ruytenberg said that all Thunderbolt-equipped systems shipped between 2011-2020 are vulnerable, although systems shipped from 2019 that come with Kernel DMA Protection are only partially vulnerable.

Intel is apparently increasing the security of its controllers going forward.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Open Source Groups Warn Of Ongoing Attacks

Open source groups warn of sophisticated social engineering attacks targeting JavaScript and other critical projects

9 hours ago

Hong Kong Approves Bitcoin, Ether ETFs

Hong Kong financial regulator approves exchange-traded funds for Bitcoin, Ether as it seeks to become…

10 hours ago

Trump Media Shares Buckle Over Secondary Offering Plans

Shares in Donald Trump's social media company Trump Media plummet on Monday after company announces…

10 hours ago

Apple Loses Smartphone Crown To Samsung Amidst China Pressure

Apple cedes top smartphone sales spot back to Samsung in first quarter as China sales…

11 hours ago

Apple’s Tim Cook Visits Vietnam Amidst China Troubles

Apple chief Tim Cook visits Vietnam as company seeks to expand consumer sales, diversify manufacturing…

11 hours ago

US Awards $6.4bn To Samsung For Expanded Texas Chip Production

US awards $6.5bn to Samsung Electronics under Chips Act as it seeks to expand domestic…

19 hours ago