A worrying piece of news for PC users has emerged thanks to a discovery made by Björn Ruytenberg, a security researcher from the Eindhoven University of Technology. The issue revolves around a vulnerability in the Thunderbolt connection standard. It reportedly allows hackers to access Windows and Linux systems in about five minutes if they can physically handle the device.
It’s a concerning issue not only for users but also for the future of the Thunderbolt standard. Even more concerning is the fact that the vulnerability cannot be fixed by a software patch.
Not the First Time
Those in touch with the cybersecurity space know that this isn’t the first time Thunderbolt has been questioned. The connection standard offers faster data transfer speeds—but it comes at a cost. To do so, Thunderbolt needs direct access to a computer’s memory.
Last year, researchers uncovered a different vulnerability called “Thunderclap” which allows USB-C and DisplayPort hardware to compromise a device. In response, Intel issued a security fix called Kernel Direct Memory Access Protection. Unfortunately, that protection is only available in devices made in 2019 and later. To make matters worse, researchers note that many Dell, HP, and Lenovo machines made after 2019 don’t use the fix.
This means that there are millions of devices out there that are vulnerable to a Thunderbolt attack. On the bright side, a hacker needs to physically access a device to gain access. While that makes the vulnerability less insidious than one that can be exploited remotely, it is still a huge problem.
Ruytenberg demonstrated how a “Thunderspy” attack can be carried out in about five minutes. After removing the backplate of a computer and attaching a small device made with off-the-shelf parts, a hacker can easily log in as if they have the machine’s password by changing firmware settings related to the Thunderbolt port. From there, it’s possible to steal information, install malware, or spy on a user.
The attack is completely untraceable, meaning that users would have no idea that their information was compromised.
It appears that any machine with a Thunderbolt connector built before 2019 is vulnerable—along with some built later. Mac users have less to worry about as they are only “partially affected” by Thunderspy as long as they are running macOS, according to Ruytenberg.
No Easy Answer
Unfortunately, it doesn’t appear that fixing the Thunderbolt vulnerability will be easy. Nor will it happen quickly.
Ruytenberg says that the only way for users to completely prevent a Thunderspy attack is to disable their computer’s Thunderbolt ports in the BIOS, enable hardware encryption, and turn off their machine when it’s unattended. That’s a lot of work for casual users and a “fix” that likely won’t be implemented by most.
Moving forward, the issue will need to be addressed somehow. Thunderbolt 3 is scheduled to be integrated into the forthcoming USB4 standard. It’s unclear whether this information will affect those plans. Regardless, security researchers note that USB4 peripherals may be vulnerable. They will need testing once they become available.