A new report from a Dutch security researcher details a hacking mechanism that targets a common feature of millions of computers: the Thunderbolt port.
Bjorn Ruytenberg, researcher at the University of Eindhoven in the Netherlands, has identified a security breach in the Thunderbolt port that could allow an attacker to gain access to a computer and access all its data in a few minutes even if the owner of the computer has taken safety precautions.
“If your computer has such a port, an attacker with brief access to it can physically read and copy all of your data, even if your drive is encrypted and your computer is locked or paused,” said Ruytenberg in the report. . He dubbed the hacking technique “Thunderspy”.
“Thunderspy is stealthy, which means you can’t find any traces of the attack,” he said. The attack also requires no commitment on the part of the computer user, unlike other types of attacks such as Phishing.
Developed by Intel in 2011, the Thunderbolt port enables fast data transfers. It is found on many PC and Apple laptops and – increasingly – on some desktop computers. Although Intel recently developed a tool to resolve security issues with the port, it is not available on computers manufactured before 2019.
Ruytenberg demonstrated the attack, which lasted approximately five minutes, in a Youtube video published with the report.
For its part, Intel says that if users take normal security precautions and don’t leave their computers somewhere, a hacker could gain access to them even for a few minutes – even if they have encrypted disks – they shouldn’t overdo it. worry about this type of hacker.
While the Thunderspy attack is technically possible on many computers with a Thunderbolt port, it does require the attacker to gain physical access to the computer for several minutes – enough time to unscrew the back panel of a laptop , plug a device into the Thunderbolt and replace security features, reattach the back of the laptop, then access the computer data.
Most people probably don’t have enough valuable data on their computers for a hacker to carry out such a targeted attack. Even beyond Thunderspy, security experts have long warned of the risks that could arise from the ability of a hacker to physically access a computer.
A group of security researchers identified last year several vulnerabilities related to Thunderbolt ports. In response, Intel created a tool called Kernel Direct Memory Access (DMA) to mitigate these attacks, which was implemented in major Windows, Linux and Mac operating systems in 2019, said Jerry Bryant, director of communications for ‘Intel for product insurance and security, said in a blog post Sunday.
The underlying vulnerability identified by Ruytenberg’s Thunderspy technique is the same as those addressed by this mitigation tool, said Byrant in the publication. The company added that Ruytenberg had not demonstrated successful attacks on machines with the DMA tool enabled.
However, Ruytenberg pointed out that systems released before 2019, as well as some newer systems without activated DMA kernel protection, could still be vulnerable to a Thunderspy attack. He has released a free, open source tool to help users determine if their computers are at risk. Users can also contact their equipment manufacturers to see if the DMA kernel is enabled on new devices.
“For all systems, we recommend following standard security practices, including using only trusted devices, and preventing unauthorized physical access to computers,” said Intel’s Bryant. “As part of the Security-First Pledge, Intel will continue to improve the security of Thunderbolt technology.”
The-CNN-Wire
™ & © 2020 Cable News Network, Inc., a WarnerMedia company. All rights reserved.
–
:quality(80)/cdn-kiosk-api.telegraaf.nl/766dd6e8-9567-11ea-ba45-0255c322e81b.jpg?resize=150%2C150&ssl=1)
