Detecting a Thunderbolt flaw allows a hacker to steal system data for 5 minutes
Thunderbolt is a great achievement when it comes to wired connectivity technology on electronics. This is a high-speed connection standard, developed by Intel under the code name Light Peak and first appeared on the MacBook Pro 2011. The strength of Thunderbolt lies in its ability to both charge and connect. connect and transfer data between computers and other peripherals, all with a single cable. Especially, the ability to transfer data very fast, up to 10Gbps / s - about 2 times higher than USB 3.0 and 20 times higher than USB 2.0. However, Thunderbolt also contains a "fatal" flaw.
Thunderbolt portRecently, international security researcher Bjorn Ruytenberg unexpectedly discovered a vulnerability called 'Thunderspy' that exists in Thunderbolt ports, allowing hackers to easily steal data stored on the system. if there is physical access to the device, even if the user has a computer key and encrypted data. More seriously, the whole process of exploiting this vulnerability takes only a maximum of 5 minutes to proceed in the case of skilled hackers, and the necessary equipment is just screwdrivers and another "mobile hardware". .
Here is the whole process of Bjorn Ruytenberg's 5-minute Thunderspy flaw exploitation:
The underlying cause of Thunderspy is that Thunderbolt allows external devices to directly access the memory of the PC to retrieve data in a short time. However, a good hacker can intervene directly with the hardware system that controls the Thunderbolt port to connect the PC to other unknown removable devices to steal data. The only downside to this type of attack is that hackers are forced to have physical access to your PC, but it possesses three other great advantages, which are to leave no trace. can be done in a fraction of the time, and are cheap.
Intel has confirmed Thunderspy's existence, and has implemented a new security system called Kernel Direct Memory Access (DMA) to mitigate and prevent attacks from this vulnerability. However, at the present time, DMA has only been implemented on Windows 10 from version 1803 RS4 and above, Kernel Linux from 5.x and above and MacOS 10.12.4 and above.
As recommended by Bjorn Ruytenberg, users should disable the Thunderbolt ports in the BIOS to completely prevent this vulnerability. You should also keep an eye on your PC and deploy hard drive encryption.
You should read it
- Compare Thunderbolt 3 and USB-C
- 6 best uses of Thunderbolt 3
- The reason Thunderbolt 3 is the preferred connection standard
- Compare USB4 and Thunderbolt 4
- Why Apple's Thunderbolt 4 Pro Cable Is So Expensive, $129
- The Mac may support both USB 3.0 and Thunderbolt
- Standard 10Gb connection per second from Apple and Intel
- Who is ThunderBolt for?
- CT scan of Apple's Thunderbolt 4 Pro cable shows why it costs $129
- Apple LED Cinema Display is equipped with Thunderbolt
- Ultrabook supports Thunderbolt shipped in the second quarter
- Microsoft fixes that blue image on Windows 10 when connecting an NVMe SSD
Maybe you are interested
How does Thunderbolt actually work?
CT scan of Apple's Thunderbolt 4 Pro cable shows why it costs $129
Compare USB4 and Thunderbolt 4
Why Apple's Thunderbolt 4 Pro Cable Is So Expensive, $129
The reason Thunderbolt 3 is the preferred connection standard
Microsoft explains why the Surface does not have Thunderbolt and cannot upgrade RAM