Security researcher Björn Ruytenberg has revealed that attackers can steal data from Thunderbolt-equipped PCs and Linux computers in just a few minutes. Using a relatively simple technique called “Thunderspy”, attackers with physical access to a computer could easily steal data even if it is locked or encrypted.
Thunderbolt ports offer extremely fast transfer speeds by allowing direct access to a PC’s memory, which leaves it exposed vulnerabilities. It was previously believed that disallowing access to untrusted devices or disabling Thunderbolt altogether could mitigate this weakness but Ruytenberg’s attack method is able to get around those safety measures.
His method works by changing the firmware controlling the Thunderbolt port, letting any device access it and what’s worse, the hack is untraceable.
However, this attack is more likely to target high-profile organizations or offices as it requires nearly $400 worth of gear and the needed technical skills and knowledge. Not only does the attacker need physical access to the PC, but they also need to:
Unscrew the backplate, attach a device momentarily, reprogram the firmware, and reattach the backplate. All of this can be done in under 5 minutes.
Intel has said that the attack does not work on computers with Kernel DMA protection enabled, which most recent computers have in place. However, the chipmaker encourages everyone to maintain security practices and keep their devices up to date nonetheless.