According to the report, a security researcher at Eindhoven University of Technology has revealed that all PCs created before 2019 may be hacked due to defects in the commonly used Thunderbolt ports. However, exploiting the Thunderspy attack requires physical access to your device.
“Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption,” the researcher said.
This technique can circumvent the login screen of a sleeping or locked computer, and even its hard disk encryption, on Thunderbolt-compatible Windows or Linux PCs created prior to 2019 in order to gain full access to the computer's data.
Last year, a group of security researchers discovered a number of vulnerabilities in the Intel Thunderbolt interface found on most PCs. The series of bugs, known as Thunderclap, could be exploited to access all of the data by adding a customized program to compromised computers.
The researchers then advised users to enable a Thunderbolt feature called ‘protection rates,’ which turns the port into a mere USB and display port by disabling access for untrusted devices connected to it.
Demo: How Does the Thunderspy Attack Work?
Thunderspy belongs to the category of evil-maid attacks, which means that the attacker needs physical access to the targeted device, so it is less frequent than remote attacks. On the other hand, Thunderspy is stealthy: after a successful attack, the perpetrators would leave virtually no sign of abuse.
The Thunderspy bugs cannot be patched in software. They will also affect future standards such as USB 4 and Thunderbolt 4, and fixing them will require a redesign of the chip.
In conclusion, if you consider yourself a potential target for evil-maid attacks and carry a Thunderbolt-equipped device with you, avoid leaving your devices unattended, or power the system off completely, or at least use hibernation instead of sleep mode.
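
To act on the port-restriction and hibernation advice above, it helps to see how a Linux machine is actually configured. The script below is an added example, not code from the researcher or the original report. It assumes the Linux kernel's Thunderbolt sysfs attributes (`security`, `iommu_dma_protection`) and `/sys/power/state`; the verdict labels are this example's own, and it reports configuration only.

```python
"""Report Linux Thunderbolt security settings (added example)."""
from pathlib import Path

# Security-level names from the Linux kernel Thunderbolt admin guide.
NO_PCIE = {"dponly", "usbonly", "nopcie"}   # PCIe tunneling disabled
APPROVAL = {"user", "secure"}               # PCIe only after authorization


def _read(path):
    """Return a sysfs attribute as stripped text, or None if absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def classify(level, iommu):
    """Map one domain's settings to a coarse verdict (labels are ours)."""
    if level in NO_PCIE:
        return "pcie-disabled"
    if level in APPROVAL:
        return "approval-required"
    if level == "none":
        return "open-with-iommu" if iommu == "1" else "open"
    return "unknown"


def audit(sysfs_root="/sys"):
    """Audit every Thunderbolt domain found under sysfs_root."""
    root = Path(sysfs_root)
    domains = {}
    for dom in sorted((root / "bus/thunderbolt/devices").glob("domain*")):
        level = _read(dom / "security")
        iommu = _read(dom / "iommu_dma_protection")
        domains[dom.name] = {"security": level, "iommu_dma_protection": iommu,
                             "verdict": classify(level, iommu)}
    # "disk" listed in /sys/power/state means the kernel can hibernate.
    states = (_read(root / "power/state") or "").split()
    return {"domains": domains, "hibernate_available": "disk" in states}


if __name__ == "__main__":
    report = audit()
    if not report["domains"]:
        print("no Thunderbolt domains found")
    for name, info in report["domains"].items():
        print(f"{name}: security={info['security']} -> {info['verdict']}")
    print("hibernate available:", report["hibernate_available"])
```

A verdict of `open` means any attached device is given PCIe access without approval and the kernel reports no IOMMU DMA protection for that controller.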