Bjorn Ruytenberg, a researcher at Eindhoven University in the Netherlands, identified a security flaw in the Thunderbolt port that could allow a hacker to break into a computer and access all of its data in a matter of minutes, even if the computer’s owner has taken security precautions.
“If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep,” Ruytenberg said in the report. He dubbed the hacking technique “Thunderspy.”
For its part, Intel says that if users take normal security precautions and don’t leave their computers somewhere a hacker could access them for even a few minutes — even if they have encrypted drives — they shouldn’t be too worried about this type of hack.
While the Thunderspy attack is technically possible on many computers with a Thunderbolt port, it requires that the hacker gain physical access to the computer for several minutes — enough time to unscrew the back panel of a laptop, plug a device into the Thunderbolt port and override security features, reattach the back of the laptop and then access the computer’s data.
Most people likely do not have valuable enough data on their computers for a hacker to want to carry out such a targeted attack. Even beyond Thunderspy, security experts have long warned of risks that could come from letting a hacker gain physical access to a computer.
The underlying vulnerability identified by Ruytenberg’s Thunderspy technique is the same as those addressed by that mitigation tool, Bryant said in the post. The company added that Ruytenberg did not demonstrate successful attacks against machines with the DMA tool enabled.
However, Ruytenberg pointed out that systems released before 2019, as well as some newer systems without Kernel DMA protection enabled, could still be vulnerable to a Thunderspy attack. He released a free, open-source tool to help users determine whether their computers are at risk. Users can also contact their equipment manufacturers to see if Kernel DMA is enabled on newer devices.
“For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers,” Intel’s Bryant said. “As part of the Security-First Pledge, Intel will continue to improve the security of Thunderbolt technology.”