Cyber Security Specialistsreported bad news for users of computers supporting the Thunderbolt standard. Experts have identified an interface vulnerability that allows attackers to hack a computer in a few minutes, even if the device is locked. Information security experts at Eindhoven University of Technology believe that all laptops with Thunderbolt, released before 2019 and without Kernel Direct Memory Access Protection, are vulnerable.
However, there is good news. To hack into a computer, a hacker will need to gain physical access to a laptop. Experts from Eindhoven found that hacking and opening access to data on a computer takes no more than five minutes, even if the device is password protected and the media is encrypted. The technical equipment necessary for hacking can be purchased at a regular computer store and costs no more than a few hundred dollars. Computers affected by the vulnerability run under Windows and Linux operating systems, and for macOS devices, such a vulnerability is only “partially” dangerous.
In a YouTube video, an expert fromEindhoven University Björn Ruitenberg described in detail the hacking process using the Lenovo ThinkPad laptop purchased in 2019 as an example. The specialist hacked a laptop protected by a password and in sleep mode. First of all, Bjorn dismantled the back panel of the laptop and connected a special device to the motherboard. Then he used his own laptop, with the help of which he made an attack, having previously disabled the protection of the hacked laptop. The video was shot in real time and demonstrates that all the work took an expert a little more than 5 minutes.
This is not the first time with Intel Thunderbolt technologyidentify vulnerability. This is explained by the basic principle on which the interface is based: direct access to the computer's memory, which in turn provides a high data transfer speed - the main advantage of the technology. So last year a vulnerability was discovered called Thunderclap, which allowed hackers to hack a computer using a simple device with USB-C or DisplayPort connectors. It is possible that this fact led to the fact that Microsoft refused to use the Thunderbolt interface on Surface laptops.
Ruitenberg also states that the identifiedthe vulnerability cannot be fixed by adjusting the software. Hardware changes required. Meanwhile, Intel notes that the main problem of Thunderbolt has long been known and was eliminated after the update in 2019. Experts, in turn, note that the Kernel Direct Memory Access Protection introduced last year was not widespread. So today, experts have not found a single Dell laptop equipped with Kernel Direct Memory Access Protection Protection, and only a few HP and Lenovo models have such protections.
Ruytenberg himself advised users to disableThunderbolt in BIOS, encrypt data and turn off the computer completely, in case you have to leave it unattended. The dedicated Spycheck app will help you assess how vulnerable your laptop is to this vulnerability. The intention of USB 4 developers to implement Thunderbolt 3 technology also requires a detailed study of the vulnerability of computers that will use these standards.