News, Culture & Society

Flaw with Thunderbolt connections on PCs lets hackers access the hard drive in about ‘five minutes’

A flaw affecting Thunderbolt connections on millions of PCs lets hackers access a computer’s hard drive in ‘five minutes,’ researchers say

  • The flaw affects Thunderbolt connections on PCs and Macs made before 2019
  • A flaw is able to bypass password protection and hard drive encryption  
  • Researchers say it can be executed in just five minutes with simple tools
  • Intel says the issues was addressed in firmware updates but reports suggest those measures have not been widely adopted

An issue with found in a popular connection attached to PCs and Macs lets hackers access the machine’s hard drive in just five minutes according to researchers.

According to a report from security researchers at Eindhoven University of Technology, the flaw, which they’re calling Thunderspy, affects the Thunderbolt connection found mostly in PC’s manufactured before 2019.

Thunderbolt is a branded connection developed by Apple and Intel that allows for faster transfer speeds using direct connection to a computer’s memory. 

While the hack would require physical access to a computer, researchers say that it could potentially subvert most safeguards including a screen-lock with password protection and even an encrypted hard drive.

The Thunderbolt connection (pictured) can be exploited to steal information from a computer’s hard drive in just five minutes according to new research (stock)

The flaw can also be exploited with some simple off-the-shelf tools and cannot be patched through firmware or software updates according to the researchers. 

‘Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption,’ the researchers say in a report.

‘All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.’ 

The flaw only partially affects Mac computers which are protected by measures in MacOS. 

As a result, they say that the attack is similar to  a BadUSB attack which exploits a USB port and can be used to offload malware capable of running malicious commands on a device.

‘The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected,’ they write.

Pictured is a schematic of hardwarae

Pictured is a schematic of hardwarae 

As noted by The Verge, Intel has claimed that that the flaw isn’t new and was addressed by operating system updates last year.

Wired, however, reports that the security measure that supposedly protects against Thunderspy, called Kernel Direct Memory Access Protection, has not been broadly implemented. 

To protect against the exploit, researchers say that users can disable the Thunderbolt connection in their computers’ BIOS – firmware that initiates hardware processes and other internal functions. 

They have also made a piece of software called Spycheck that will tell you whether your machine is at-risk of being exploited by Thunderspy. 


Comments are closed.