According to cybersecurity researcher Björn Ruytenberg, computers of all brands made before 2019 are vulnerable to attacks through Thunderbolt. An attacker with physical access to the computer can read and copy all files and data, even if the disk is encrypted and the computer is locked and in hibernation.
The researcher explains the attack, which he calls Thunderspy, on his blog; it takes less than five minutes to complete. Access is silent, so users find no trace of the attack. No interaction with the user is needed either, such as clicking a phishing link. "All the hacker needs is five minutes with the computer, a screwdriver and portable hardware," the researcher stresses.
Thunderbolt's high transfer speeds come from its direct access to the PC's memory, which, the researcher says, also opens up several vulnerabilities. Previously, it was thought that these flaws could be mitigated by denying access to untrusted devices, or by turning off Thunderbolt on the port while still allowing DisplayPort and USB-C.
The method presented by Björn Ruytenberg gets around these settings simply by changing the firmware that controls the Thunderbolt port, which opens access to any device without leaving a trace. Such attacks would typically take place where laptops are left unattended, at events or in hotel rooms, and could be used for industrial espionage, for example. The researcher adds that the equipment used for the attack can be obtained for a few hundred dollars, and that "three-letter agencies", an allusion to the likes of the CIA and FBI, could easily miniaturize it.
The attacker only needs to unscrew the protective cover, connect a firmware reprogramming device, put the cover back on, and gain access to the computer, as the researcher explained to Wired, in a process that takes less than five minutes to complete. See the demonstration on a Lenovo ThinkPad laptop in the video.
The blog explains that a free and open-source tool is available to check whether a system is vulnerable. If it is, the flaws cannot be fixed through software updates, but recommendations are given on how to protect yourself. The prevention tips include: connect only your own Thunderbolt peripherals; never lend them to anyone; avoid leaving the computer unattended, even if it is locked; avoid using suspend mode.