If you have a Windows or Linux system with a Thunderbolt port, this new vulnerability puts your device in danger. According to a new security report, the Thunderbolt port on Windows and even Linux devices has a flaw that could allow hackers to break into your machine in around five minutes.
“If your computer has such a (Thunderbolt) port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.” So writes security researcher Björn Ruytenberg of the Eindhoven University of Technology in this post. This form of attack is called Thunderspy.
According to Björn, Thunderspy doesn’t require the hacker to send a malware-laden email to the user. Instead, they just need five minutes of physical access to the Windows or Linux laptop, which is enough to reach the system’s main hard drive without unlocking the device.
“It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using,” Björn adds. To help people check whether their system is vulnerable, Björn and his team have created an open-source tool called Spycheck, which will provide them with a set of recommendations to protect their system.
Thunderbolt is a patented technology belonging to Intel, and over the years Apple MacBook users have favoured the port for data transfer, among other uses. Interestingly, Thunderspy doesn’t affect MacBooks with a Thunderbolt port, which raises questions about the security parameters set by manufacturers of Windows machines such as HP and Dell. That said, the hacker needs physical access to the device to make Thunderspy possible. So it’s highly advisable that users of Windows PCs enable hard drive encryption.
Intel has confirmed the issue, but it also says that all devices vulnerable to Thunderspy have been fixed. “In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows (Windows 10 1803 RS4 and later), Linux (kernel 5.x and later), and MacOS (MacOS 10.12.4 and later),” Intel said in this post. It also pointed out that users can check here to see if their device manufacturers have rolled out the DMA protection.
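
On Linux, whether the Kernel DMA protection Intel refers to is actually in effect can be read from the Thunderbolt driver's sysfs entries. The script below is an added example, not part of the original article and not the Spycheck tool. It assumes the standard `/sys/bus/thunderbolt/devices/domain*/` layout with its `security` and `iommu_dma_protection` attributes, and the function names are chosen here for illustration.

```python
#!/usr/bin/env python3
"""Report Thunderbolt security level and Kernel DMA protection per domain (Linux)."""
import sys
from pathlib import Path

# Assumption: standard location of the Linux thunderbolt driver's sysfs entries.
SYSFS_TB = Path("/sys/bus/thunderbolt/devices")

def read_attr(path):
    """Return the stripped contents of a sysfs attribute, or None if unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def audit_domains(root=SYSFS_TB):
    """Return one finding per Thunderbolt domain (controller) found under root."""
    findings = []
    if not root.is_dir():
        return findings  # driver not loaded or no Thunderbolt controller present
    for domain in sorted(root.glob("domain*")):
        dma = read_attr(domain / "iommu_dma_protection")
        findings.append({
            "domain": domain.name,
            "security_level": read_attr(domain / "security") or "unknown",
            # "1" means the system uses the IOMMU for DMA protection.
            "dma_protection": dma == "1",
            # A missing attribute means this kernel does not report the setting.
            "dma_attr_present": dma is not None,
        })
    return findings

def needs_attention(finding):
    """A domain needs review when DMA protection is off or not reported."""
    return not finding["dma_protection"]

def main():
    findings = audit_domains()
    if not findings:
        print("No Thunderbolt domains found.")
        return 0
    for f in findings:
        state = ("enabled" if f["dma_protection"] else
                 "DISABLED" if f["dma_attr_present"] else "not reported")
        print(f"{f['domain']}: security={f['security_level']} dma_protection={state}")
    return 1 if any(needs_attention(f) for f in findings) else 0

if __name__ == "__main__":
    sys.exit(main())
```

The exit status is non-zero when any controller lacks DMA protection, so the script can be dropped into a fleet compliance check.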