Threat Watch

Thunderbolt Security Flaw

Security researcher Bjorn Ruytenberg revealed a new method to breach computers via the Thunderbolt 3 interface, affecting many Windows, Mac and Linux systems made before 2019. The attack requires physical access to the computer, but can access data even if the computer’s disk is fully encrypted. Thunderbolt 3 is a fast data interface with an oval-shaped port compatible with USB-C connectors that was first embraced by Apple in 2011 and later by some Windows PC manufacturers. It has become very popular for multipurpose connections. A single Thunderbolt plug can connect power, external displays, network adaptors, storage systems, and a multitude of other peripherals. Ruytenberg stated that seven vulnerabilities were uncovered in the Thunderbolt design, but only in computers made before 2019. Intel stated that Kernel Direct Memory Access (DMA) protection was designed to thwart “Thunderspy” type attacks but was not implemented in computers made before 2019. All an attacker would need is “5 minutes alone with the computer, a screwdriver, and some easily portable hardware,” according to Ruytenberg.

ANALYST NOTES

Having physical access to someone’s computer can provide a multitude of benefits to an attacker. Thunderspy, if carried out quickly, can give them access to the data even if the system is fully encrypted and the screen is locked, as long as it is powered on and its owner had logged in before locking or suspending it. Computers also bring a premium if stolen. Even for computers not affected by the Thunderbolt vulnerabilities, the data on a stolen computer can be accessed. With enough time, an attacker can crack the password and then have complete access to anything stored on the PC, such as passwords, files, banking information, etc. Computer owners are strongly advised to restrict physical access to their computers, enable full disk encryption, choose a strong password, and use only trusted peripherals that connect to their systems.
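On Linux, a defender can check whether the Kernel DMA protection mentioned above is active on each Thunderbolt controller. The script below is an added example, not code from the article, Ruytenberg, or Intel; it reads the Linux thunderbolt driver's `security` and `iommu_dma_protection` sysfs attributes, and the `audit` function name and verdict strings are illustrative.

```python
#!/usr/bin/env python3
"""Report Thunderbolt security level and Kernel DMA Protection state on Linux."""
import sys
from pathlib import Path

# Sysfs directory of the Linux thunderbolt driver. Overridable so the check
# can be pointed at a copied or constructed tree.
DEFAULT_ROOT = "/sys/bus/thunderbolt/devices"


def read_attr(path):
    """Return the stripped attribute value, or None if the file is absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def audit(root=DEFAULT_ROOT):
    """Return (domain, security_level, dma_protected, verdict) per controller."""
    results = []
    for dom in sorted(Path(root).glob("domain*")):
        security = read_attr(dom / "security") or "unknown"
        # The attribute is missing on older kernels; treat that as not protected.
        protected = read_attr(dom / "iommu_dma_protection") == "1"
        if protected:
            verdict = "Kernel DMA Protection active"
        else:
            verdict = f"Kernel DMA Protection NOT active (security level: {security})"
        results.append((dom.name, security, protected, verdict))
    return results


if __name__ == "__main__":
    rows = audit(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_ROOT)
    if not rows:
        print("no Thunderbolt domains found")
    for name, _security, _protected, verdict in rows:
        print(f"{name}: {verdict}")
    # Non-zero exit lets fleet tooling flag machines with an unprotected port.
    sys.exit(1 if any(not r[2] for r in rows) else 0)
```

A machine that reports no active protection on any domain is one where the physical-access recommendations above matter most.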

To read more: https://www.cnet.com/news/thunderbolt-flaws-may-leave-pcs-vulnerable-to-physical-hacks/
https://thunderspy.io