A series of vulnerabilities tied to the Thunderbolt connection standard may allow hackers to access the files on the hard drive of a laptop in mere minutes, according to an announcement made by a renowned security analyst.
The vulnerabilities affected all PCs with Thunderbolt ports, which were manufactured before 2019. Physical access to the computer is required, but this may not be a major obstacle for some malevolent entities. A machine that runs Windows and Linux could be hacked and accessed in less than five minutes even if the device is locked, protected by a password, or the drive is encrypted.
Components needed to access and hack the system can be bought off-the-shelf with a few hundred dollars. The most important issue is represented by the fact that these flaws are integrated into the hardware architecture of the standard, and a redesign is needed for their removal. This also means that they cannot be patched via software updates.
Apple Macs offer support for Thunderbolt since 2011, but the closed nature of macOS offers additional protection, and they are only partially vulnerable in the face of Thunderspy. They are vulnerable against attacks modeled after BadUSB, a security flaw that surfaced more than six years ago and can be used to created infected USB. A computer to which the USB is then connected can be controlled and spied one while the hacker can also copy interesting data at will.
Intel has been in hot waters due to Thunderbolt in the past, as the standard relies on direct access to memory to deliver impressive operating speed. In 2019 security experts spotted a vulnerability known as Thunderclap, which relied on USB-C or DisplayPort ports to facilitate access to sensitive data.
While the IT giant has stated that the vulnerability has been addressed, it seems that only select devices run the protection protocol.