Hackers Can Get into Millions of PCs Due to Thunderbolt Flaws
Hackers need to get their hands on the physical computer or device, but once they do, it only takes them five minutes to get into them with a technique called Thunderspy.
The information was first reported by Wired.
Thunderbolt and Thunderspy
As per Wired's report, security experts had previously warned that if a computer is left with a hacker for mere minutes, it should be considered compromised.
Now, a new demonstration led by Björn Ruytenberg, a researcher at the Eindhoven University of Technology in the Netherlands, shows how a physical attack by a hacker can be pulled off just by using a very common component found in millions of PCs: the Intel Thunderbolt port.
Ruytenberg demonstrated the attack method, which he named Thunderspy, which bypasses the login screen, as well as the hard disk encryption of a sleeping or idle Linux PC or Windows computer manufactured prior to 2019, in order to gain complete access to the device's data.
This new technique leaves no trace of intrusion and can be completed in under five minutes. That said, the attack usually requires a screwdriver, as the hacker needs to first open the computer physically.
According to experts, this new technique opens another avenue in what security experts call an "Evil-Maid-Attack." This type of attack is when hackers breach a computer, which has no easy software fix aside from entirely disabling the Thunderbolt port, as per Ruytenberg.
"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," explained Ruytenberg. "All of this can be done in under five minutes."
It sounds worryingly simple, and Ruytenberg plans on presenting his Thunderspy study this summer at the Black Hat conference in more detail.
In the meantime, you can view the researcher's method of hacking into a PC in his demo, here: