Macs and PCs can be hacked in minutes via the Thunderbolt port

It looks like a movie scene, but it is already reality: you have your notebook and you are distracted for a few moments, while someone else plugs a connector into your device and steals your information in minutes.

This is possible thanks to serious security flaws in the design of Thunderbolt, a connection interface from Intel used on Macs and PCs, which has good and bad sides. On the good side, Thunderbolt allows faster transfers by connecting directly to the machine's memory; on the bad side, it is precisely for this reason that it allows malicious actors to develop techniques that circumvent systems' security features in order to access (and steal) information without major difficulty.

One of these flaws (or rather seven) was discovered by the researcher Björn Ruytenberg, who named it Thunderspy. In short, it allows an attacker to access a machine even when it is locked and its drive(s) are encrypted.

Thunderspy targets devices with a Thunderbolt port. If your computer has this port, an attacker who gains physical access to it can read and copy all of your data, even if your drive is encrypted and your computer is locked or set to sleep.

As if the possibility of accessing all data on a device were not enough, these attacks also leave no trace; that is, it is practically impossible to know if your machine was tampered with after the break-in.

Ruytenberg published a video showing how an attack is carried out; in it, the researcher disassembles the chassis of a Lenovo ThinkPad and connects a device inside the notebook. He then connects another machine to the target via the Thunderbolt port and accesses the (password-protected) device in a matter of minutes. According to the researcher, the tools needed for this attack cost no more than 400 (~R$2,500).

Although Macs have offered Thunderbolt connectivity since 2011, the researcher says they are only "partially affected" by Thunderspy if they are running macOS; however, they are even more vulnerable when running Windows through Boot Camp.

It is worth noting that Microsoft has already developed a tool to protect certain PCs from this type of attack (Kernel DMA Protection), but WIRED reports that this protection was not implemented universally. macOS is more susceptible to BadUSB attacks, which allow a USB device to take control of a computer, steal data or spy on the user.

The researcher said he informed both Intel and Apple about the vulnerabilities, but he anticipates that a software fix is unlikely, since the flaws are present in the Thunderbolt controller chips, i.e. it is a hardware problem.

The researcher also raises concerns about the exploitation of this flaw, saying that three-letter agencies would have no problem in miniaturizing the equipment needed to use it.

Although there is no way to fix the vulnerability on affected computers (find out if yours is on the list with the Spycheck tool, available on this website), there are two alternatives to mitigate possible theft of information from your machine: disable Thunderbolt completely, through your machine's operating system settings, or allow only trusted devices/accessories to connect to your computer's port.

Finally, it is likely that the (thriving) USB4 specification, announced just over a year ago, is also vulnerable to the same problem, for the simple fact that it is basically the same as Thunderbolt 3. We can therefore only hope that manufacturers pay attention to this problem in their future releases.

via The Verge