Thunderbolt Vulnerability Allows Hacking In Just Five minutes, Leaves Millions Of PCs At Risk

Update: Intel has responded to the Thunderbolt Thunderspy hack. "Please check with your system manufacturer to determine if your system has these mitigations incorporated. For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers," Intel said in a blog post.

PCs and Linux computers with Thunderbolt are in trouble. Even if the computers are locked and data encrypted, these systems can easily be hacked and steal data in just five minutes. The report comes from security researcher Björn Ruytenberg, published in the Wired that highlights how Thunderbolt systems are in imminent danger.

What Is Thunderbolt?

Thunderbolt is a hardware interface developed by Intel that connects external peripherals to a computer. It offers seamless and fast transfer speeds by giving direct access to the PC memory. Of course, this naturally creates numerous vulnerabilities, dubbed as Thunderclap. Researchers thought that users could disable and not allow access to untrusted devices, but allowing DisplayPort and USB-C access.

Thunderbolt Vulnerability Discovered

But now, the report published in Wired describes Ruytenberg's attack method and how people with malicious intent could get around these settings and change the firmware controls, with a process called 'evil maid attack'. The report shows how hackers can allow access to any device without leaving any trace of their presence. In the end, the PC user wouldn't even know that their system was accessed.

"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," Ruytenberg said. What's more, all of this can be achieved in under five minutes. With hack gear costly roughly $400, hackers can easily gain access via Thunderbolt.

What Is Intel's Response?

Intel recently came up with a Kernel Direct Memory Access Protection. This security system is believed to restrict Ruytenberg's Thunderspy attack. However, the system works on laptops and systems made in 2019 and later, which means older PCs are still in danger. Plus, devices from Dell, HP, and Lenovo developed in 2019 and later aren't protected either.

This brings us back to square one, where are many PCs are still at risk. Presently, Microsft Surface laptops are out of risk as Microsoft skipped the Thunderbolt feature altogether. Apple computers are also safe, but might be at risk if they're running Boot Camp. The best advise Ruytenberg gives is to Thunderbolt users is to avoid leaving their system unattended while powered on, even if the screen is locked.