Skip to content
  • Home
  • Emerging Technology & News
  • Computer Help
  • Privacy and Security
  • Reimage Windows Repair
The Reimage Blog
Menu
  • Home
  • Emerging Technology & News
  • Computer Help
  • Privacy and Security
  • Reimage Windows Repair
Facebook Twitter
Home  /  Privacy and Security  /  New Thunderbolt flaw lets hackers bypass security features in five minutes
PostedinPrivacy and Security Posted on May 11, 2020

New Thunderbolt flaw lets hackers bypass security features in five minutes

Posted By Kylee.Campanella

It requires physical access and affects any PC made before 2019

In brief: If your laptop somehow makes its way into hackers’ hands, will the login screen and hard disk encryption keep its contents safe? You might imagine so, but if it’s got a Thunderbolt port, you could be in trouble.

Boasting 40Gbps transfer speeds, as well as the ability to power devices and connect to 4K peripherals, Intel’s Thunderbolt interface works by offering more direct access to a computer’s memory compared to other ports.

One drawback with Thunderbolt 3 is its security issues; Microsoft says you won’t find the port on Surface devices because it’s insecure.

Surfaces don't have Thunderbolt because its insecure 🙃 pic.twitter.com/lb7YYOOQ4Y

— WalkingCat (@h0x0d) April 25, 2020

It was last year revealed that a series of security flaws named Thunderclap allowed a hacker with a malicious USB drive to exploit Thunderbolt’s direct memory access, bypassing all of a computer’s security measures.

It’s possible to protect against Thunderclap by disallowing access to untrusted devices or turning off Thunderbolt altogether, but a new attack can circumvent even those measures.

As reported by Wired, Eindhoven University of Technology researcher Björn Ruytenberg has revealed a new attack he’s named Thunderspy, which can bypass the login screen of sleeping or locked Thunderbolt-enabled computers. It works on both Windows and Linux PCs manufactured before 2019 and can even bypass hard disk encryption.

The technique, which takes less than five minutes, relies on an attacker having alone time with a device, which is known as an “evil maid attack.”

“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop,” says Ruytenberg

To prevent the previous Thunderclap attack, Intel created Kernel Direct Memory Access Protection, which also prevents Thunderspy. But there’s no Kernal DMA Protection on computers manufactured before 2019, and its implementation is spotty on devices made from 2019 or later. Only a few HP and Lenovo models from 2019 or later use it, and researchers couldn’t find Kernel DMA Protection on any Dell machines. It should be noted that Apple’s MacOS computers are unaffected.

You can see the attack, which involves opening up a laptop, performed in the video above. The SPI programmer device rewrites the Thunderbolt controller’s firmware, turning off its security settings.

“I analyzed the firmware and found that it contains the security state of the controller,” Ruytenberg says. “And so I developed methods to change that security state to ‘none.’ So basically disabling all security.”

The method uses around $400 worth of equipment, but also requires an SPI programmer device and a $200 peripheral for carrying out the direct memory attack. Ruytenberg believes the entire setup could be built into a single device for around $10,000. “Three-letter agencies would have no problem miniaturizing this,” he said.

After being informed of the attack, Intel noted that that Kernel DMA Protections prevent it. The company also recommended, “the use of only trusted peripherals and preventing unauthorized physical access to computers.”

The best preventative measure, of course, is to ensure hackers don’t end up with physical access to your computer.

You can check if your machine is vulnerable to Thunderspy using this free tool created by Ruytenberg.

Source: https://www.techspot.com/news/85170-new-thunderbolt-flaw-hackers-bypass-security-features-five.html

Tags: Hacking Security Thunderbolt
Share on Facebook Share on Twitter
Previous Article
The original vision for Windows 10 included hundreds of millions of mobile devices. Credit: Microsoft Corporation
Windows 10 at five: Don’t get too comfortable, the rules will change again
Next Article
iPhone SE 2020 vs. iPhone X comparison: Is a cheaper, refurbished iPhone X better?

About Author

Kylee.Campanella

Related Posts

  • Generative AI brings new risks to everyone. Here’s how you can stay safe

    May 12, 2023
  • Enhancing Email Security: Gmail Introduces Blue Verification Checks

    May 10, 2023
  • Cybercriminals Shift from Dark Web to Deep Web

    April 14, 2023
Scan Now

Categories

  • Business
  • Computer Help
  • Emerging Technology & News
  • Privacy and Security
  • Reviews

Reviews

Reimage Social

Security

Popular Posts

  • PCWorld calls Reimage “A Fantastic Repair Utility “ July 26, 2011 Reviews
  • 4 Ways to Keep the Ghouls & Goblins Away From Your PC October 26, 2010 Archive
  • The PC Key to Happiness – A Properly Maintained OS September 2, 2010 Archive
  • Google says hacked websites were attacking iPhones for years September 12, 2019 Privacy and Security

Random Posts

  • Apple, Samsung or Google: Which 5G phones have the best download speeds? April 1, 2021 Reviews
  • Social Networks Users Have Higher Exposure to Malware May 13, 2009 Archive
  • McAfee sells its enterprise business to private equity group as it focuses on consumer security March 24, 2021 Business
  • Android 12 cheat sheet: Everything you need to know June 11, 2021 Reviews
© Copyright 2019
We use cookies to ensure that we give you the best experience on our website.Ok