Microsoft was right – The Thunderbolt connection has an unpatchable flaw that could affect millions of computers

According to a security researcher at Eindhoven University of Technology, Björn Ruytenberg, newly discovered vulnerabilities in the Thunderbolt connection standard could allow hackers to access user data on laptop hard drives in minutes – right away. even when the laptop is locked. Wired reports that these vulnerabilities affect all PCs equipped with Thunderbolt ports launched before 2019.

A few weeks ago, Microsoft explained in a video that security concerns are part of the reason why the Thunderbolt port doesn’t appear on Surface computers. The severity of the vulnerability, as well as the near impossible to prevent it with software, reinforces Microsoft’s argument.

Although hackers still need physical access to your computer to exploit this Thunderspy flaw, in theory, they only take about 5 minutes to access all data even when the laptop is locked. Password protection and encrypted hard drive.

The video below shows Ruytenberg’s technique, which involves covering the bottom of the laptop to access the Thunderbolt port controller, then attaching a SPI (Serial Peripheral Interface) device to a device. SOP8 clamp, a hardware accessory designed to attach to the pins of the controller.

This SPI programming device will then overwrite the chip’s firmware – the process will take about 2 minutes as shown in the video of Ruytenberg. Basically, this will turn off the security settings of the Thunderbolt port and allow access to any device.

Although the entire process of penetrating and bypassing these layers of security requires devices that aren’t widely available on the market, Ruytenberg says they cost only $ 400 to buy. But the most worrying thing is that this flaw cannot be patched with software, and will need to completely redesign the hardware to completely fix this problem.

Apple’s Macs have been using the Thunderbol connection since 2011, but according to Ruytenberg’s research, they were only partially affected by Thunderspy. Besides Intel’s security layer, Apple’s own second layer of protection for Mac computers can prevent hackers from gaining further access to the victim’s data.

However, Mac computers still have vulnerabilities to the same attacks as BadUSB. This is a security bug that has been around since 2014 allowing a malicious usb device to gain control of a computer, steal data and spy on users. Meanwhile, most Windows and Linux computers are greatly affected by this vulnerability.

This is not the first time Intel’s Thunderbolt technology causes security concerns, as it relies on direct access to the computer’s RAM to provide faster data exchange speeds. In 2019, security researchers once discovered a vulnerability called Thunderclap that allowed access to the device via USB-C or DisplayPort.

Finally, in his report, Ruytenberg argued that the only way for a user to fully defend against an attack was to disable the Thunderbolt port in the computer’s BIOS, turn on the hard drive encryption feature, and turn off. computer when not by its side.

Researcher Ruytenberg also developed a small software called Spycheck at this link , so that you can check if your computer could be affected by this attack.

Refer to The Verge