Thunderbolt Flaw Allows Hackers Access to Data Within Minutes

Last Sunday, May 10, 2020, a Dutch security researcher published a report warning individuals that possible attacks may occur via a critical and common computer component: the Intel Thunderbolt. If exploited, the said port could make millions of computer systems around the globe vulnerable.

According to ZD Net, Dutch security researcher Björn Ruytenberg from the Eindhoven University of Technology found the flaw in the Intel Thunderbolt. He called the new method of attack as Thunderspy.

Under the Thunderspy attack, Thunderbolt-enabled systems, such as computers from Windows or Linux manufactured prior to 2019 can be bypassed within minutes even with security practices and measures in place. This allows hackers to gain access to the full computer data.

Thunderbolt Flaw

Although The Verge emphasizes the need for malicious attackers to get within physical distance in order to exploit the said flaws, these individuals could gain access to the said information within five minutes. This scenario already takes into account having password protection and harddrive encryption.

Apart from a number of Windows 10 OEMs, most of Apple Mac computers have since adopted this technology since 2011.

ZD Net states the Thunderbolt technology makes it vulnerable to possible Thunderspy attacks primarily because the Thunderbolt controller itself provides outsider access to the system memory of the computer. The connection to its peripheral port reportedly makes this possible says the news site.

While the Thunderbolt flaw bears similarities to that of the Thunderspy attack, the main difference is that the former mainly makes users believe that they are using or relying on a capable device, when in fact, there is a malicious code or device within.

Ruytenberg states that Intel issuing a patch may not be altogether possible. Rather, a complete hardware overhaul should be considered to address the vulnerability.

Intel responded to the report by Ruytenberg, saying the flaw was not new to them and was indeed addressed in the past year. However, in a statement, the company acknowledged that there have been new events which showed that their system was not equipped with the coming of a physical attack.

In a statement, Intel said, “the researchers demonstrated new potential physical attack vectors using a customized peripheral device on system that did not have these mitigations enabled.” Intel, notes, however, that it has enacted necessary DMA protection.

Despite these claims, Wired reveals that the Kernel Direct Memory (DMA) protection changes Intel said it has implemented does not ring true for all of its systems around the world.

To prevent hacking incidents and to further protect personal information, Wired says the only sensible course of action is to upgrade computer systems that are equipped with DMA Protection.