Researchers have uncovered a flaw in the ubiquitous Intel Thunderbolt port that could allow hackers to break into affected devices in a matter of minutes.
The vulnerability is found in millions of Windows and Linux PCs manufactured before 2019 and can be used by an attacker with physical access to the device to circumvent both password protection and hard disk encryption.
Uncovered by security researcher Björn Ruytenberg of the Eindhoven University of Technology, the physical access attack – which he refers to as Thunderspy – can scrape data from the target machine without leaving so much as a trace.
The issue reportedly cannot be resolved via a simple software fix – but only by deactivating the vulnerable port.
The newly discovered Thunderbolt vulnerability opens the door to what Ruytenberg refers to as an “evil maid attack” – an attack that can be executed if the hacker is afforded time alone with a device.
“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes,” he explained.
According to Ruytenberg, the Thunderspy technique (demonstrated in this video) only requires circa $400 worth of equipment, which can be used to rewrite the Thunderbolt controller’s firmware and override security mechanisms.
The researcher disclosed his findings to Intel in February, as acknowledged by the firm in a recent blog post, in which it also sets out its advice to affected users.
“While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device,” said the firm.
Intel also stressed that the most widely used operating systems have all introduced Kernal Direct Memory Access (DMA) protection to shield against attacks such as this.
“The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled. Please check with your system manufacturer to determine if your system has these mitigations incorporated,” the company advised.
Unless you happen to be living with an “evil maid” under quarantine, your device is most likely safe for now. However, Intel has recommended owners of affected devices use only trusted peripherals and do not leave devices unattended for an extended period if possible.