Last updated on December 8th, 2022 at 02:07 pm
To use them, you need direct access to the computer, but there are no signs of hacking
Computer security researcher Björn Ruytenberg, who works at the Eindhoven University of Technology, spoke about vulnerabilities discovered in computers equipped with the Thunderbolt interface.
According to him, these vulnerabilities lead to the fact that an attacker who gained physical access to a computer (just a few minutes is enough) could be able to steal data from drives, even if they are encrypted, and the computer is locked or in sleep mode.
Neither Secure Boot nor strong passwords to the BIOS or the OC account are an obstacle.
The Thunderspy attack is invisible to the victim, that is, it leaves no signs of hacking. To implement hostile intentions, an attacker will need a screwdriver and some “portable equipment” (controller flash memory programmer).
Vulnerabilities exist in all computers with Thunderbolt. In some systems released last and current year, they are partially eliminated. The researcher offers the Spycheck utility, which allows you to check whether a particular system is vulnerable.
As a measure to prevent data theft, Rutenberg recommends that you do not connect other peripheral devices to the computer and never lend your devices to strangers or leave them unattended.
In addition, he advises not to leave the computer turned on, even under password protection.
If you do not plan to use the Thunderbolt interface, the corresponding controller should be completely disabled in the BIOS or UEFI settings, but remember that the USB or DisplayPort interfaces that work through the same USB-C connectors will also become unavailable.
