NEW DELHI: Security researcher Björn Ruytenberg has found a flaw in the security protocols of Intel’s Thunderbolt ports for laptops, which can allow an attacker to bypass login screens of a Windows or Linux-based computer. The Thunderbolt port is found in millions of laptops and PCs worldwide and allows fast data transfer speeds from external devices. The researcher is calling the attack Thunderspy.
Ruytenberg’s hack isn’t the same as most other security loopholes though. It’s complex and requires physical access to a device. It also needs the attacker to have a few hundred dollars worth of equipment, which though easy overseas, would be significantly expensive for someone in India. Essentially, it means that unlike many malware or spyware, you need an attacker to be pretty motivated in order to use such a tool.
That doesn’t mean the hack shouldn’t be taken seriously though. Ruytenberg noted that there’s no easy software fix for the hack and it allows an attacker to overrule a computer’s lock screen, giving them full access to the device. That could be a big problem since Thunderbolt ports are found in most modern PCs, many of which are used by government employees and others with sensitive information.
The researcher found nine “practical exploitation scenarios” and has published a video on YouTube, showing how the hack works. It involves unscrewing the back panel of a laptop and gaining access to the Thunderbolt controller, which lets the attacker rewrite the firmware for Intel’s tech. It’s not a very long process and an attacker can carry out the hack even if a laptop is left unattended in a public space for a few minutes.
“All Thunberbolt-equipped systems shipped between 2011-2020 are vulnerable,” the researcher said in his blog post. He has recommended a free and open source tool his team has developed, called Spycheck, that verifies whether systems are vulnerable to Thunderspy. The tool will guide users on how to protect themselves, if their computers are found to be vulnerable.
