New vulnerability affects computers with Thunderbolt ports made before 2019, and cannot be patched
A new security vulnerability discovered with the Thunderbolt ports of computers means hackers could steal your data, even from an encrypted hard drive, in just five minutes.
That is the claim of Bjorn Ruytenberg, a Netherlands-based computer security researcher who discovered a flaw with the Thunderbolt port, which he calls Thunderspy. Thunderbolt ports offer fast data transfer speeds because they grant devices like external hard drives access to the computer's RAM, but this feature is where the vulnerability was discovered.
Detailed on his website, the flaw means hackers could gain access to all of the data held on a computer, providing they have just five minutes alone with the machine. Such attacks are known as 'evil maid attacks,' as they imagine a situation where a computer is left unattended, in a hotel room for example.
The attacker needs physical access to the computer as, according to Ruytenberg, they need to open the computer with a screwdriver and attach some "easily portable hardware" worth around $400, before the hack can take place. After that, they can gain access to everything stored on the computer, even if it is encrypted, providing it has been left in a locked or sleeping state (instead of being fully powered down).
Because the hack leaves no trace, the victim would have no idea that their computer had been accessed and their data stolen.
The hack requires physical access, but cannot be patched Getty Images/iStockphoto
Ruytenberg writes: "Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption."
It is claimed the flaw is present on computers made by the likes of HP, Dell and Lenovo before 2019, when Intel introduced a Thunderbolt security system called Kernel Direct Memory Access Protection. Apple computers are also affected, but only if they are running Windows using Boot Camp. The researcher said the flaw cannot be fixed with a software update.
Intel said in a statement: "This attack could not be successfully demonstrated on systems with Kernel DMA protection enabled. As always, we encourage everyone to follow good security practices, including preventing unauthorized physical access to computers."
Ruytenberg has created a free tool to identify whether your computer is at risk from Thunderspy, called Spycheck. The tool also recommends ways to help protect your computer if it is found to be vulnerable.
The security research says he revealed his findings to Intel on February 10. The company responded a month later to say it had confirmed the existence of the vulnerabilities, and since then both Intel and Ruytenberg have informed affected parties, such as computer manufacturers, about the issue.
NORTON CORE by Symantec Model 517 High Performance Secure Wi-Fi Wireless Router Built-in Network, Device and Antivirus Security, Smart Parental Controls - Titanium Gold