Hackers are currently targeting computers manufactured before 2019 due to defects in the Intel Thunderbolt port, which is found in millions of computers, and hackers use a relatively simple piracy technology called Thunderspy in order to access the computer, so that the attack Thuderspy takes less than five minutes.
The Dutch researcher at Eindhoven University of Technology Björn Ruytenberg showed how this type of successful penetration can be implemented through a very common physical component, in addition to clarifying the details of the new attack method on Windows or Linux computers with a Thunderbolt port.
According to the researcher, Apple‘s macOS computers are not affected by the vulnerability unless the user is running Boot Camp, and Rothenberg launched a tool to determine that the computer is vulnerable to attack, and is it possible to enable Kernel DMA Protection on the device.
Security experts have warned for years that a computer that is left alone with a hacker, even for a few minutes, should already be considered a hacked device, so that the Dutch researcher’s technology can bypass the login screen of a locked computer, and it can also bypass hard disk encryption for full access to computer data .
Thunderbolt port provides extremely high transfer speeds by giving devices direct access to the computer’s memory, which also creates a number of weaknesses.
Researchers previously believed that these vulnerabilities, called “Thunderclap”, could be mitigated by preventing untrusted devices from accessing, or completely disrupting the “Thunderbolt” port, while permitting DisplayPort and USB-C access.
However, the Dutch researcher’s attack method can avoid these settings by changing the firmware that controls the Thunderbolt port, allowing any device to access the port, and the new penetration technology leaves no trace of intrusion, so the user will never know that his computer Hacked because the operating system will not display any visual change.
There is currently no executable software fix except disabling the Thunderbolt port, and the user also needs to encrypt the hard drive and shut down the computer completely when left unattended, for full protection.
“All that the attack needs is to remove the back cover of the device, connect the device for a while, reprogram the firmware of the internal chip responsible for the Thunderbolt port, reinstall the back cover, and enjoy full access to the computer, all within less than five minutes,” Reuterberg said.
Source : Thunderspy