For years, cyber security experts have feared the emergence of a vulnerability that could be exploited in a matter of minutes. A researcher has now demonstrated how this variant of physical access hacking can be deployed against a very common resource: Intel’s Thunderbolt port, which is found on millions of devices.
Bjorn Ruytenberg, a researcher at a Dutch institute, has revealed the details of Thunderspy, a new attack variant against Thunderbolt-enabled Windows and Linux systems manufactured before 2019. Using this method, hackers can bypass the login screen of a locked computer, and even hard drive encryption, to gain full access to the affected device.
While in some cases this attack requires opening a laptop’s case with a screwdriver, the process leaves no trace of intrusion and can be completed in just a few minutes. Cyber security experts know this variant as an “evil maid attack”, as it requires the attacker to have time alone with a target laptop (in a hotel room, for example).
“After removing the back casing from the laptop, the attacker should only connect it to a device momentarily, reprogram the firmware and reposition the case, which will complete the attack,” Ruytenberg says. The expert also asserts that there is no easy-to-implement solution other than disabling the target port.
Because of these characteristics, cyber security experts have expressed concern about potential attacks against the Thunderbolt port. In addition, a set of flaws in Thunderbolt components, revealed by a group of researchers, demonstrated that by connecting a malicious device to a computer’s Thunderbolt port, threat actors can bypass all security measures enabled on the target device.
Manufacturers have begun to respond. HP, for example, says that its products are protected from attacks via the Thunderbolt port. Lenovo says that its security teams are evaluating these new reports, while Dell says that its customers only need to follow the security policies of their respective companies or homes to keep their devices safe.
Finally, Ruytenberg points out that the flaws he encountered extend to Intel hardware and cannot be solved with software updates.