Technology
Thunderbolt bugs can expose a PC if you leave it alone with a hacker
Thunderbolt ports may put your PC in jeopardy, but only if you leave it alone with a capable and well-prepared hacker.
That’s according to security researcher Björn Ruytenberg from the Eindhoven University of Technology, who outlined seven vulnerabilities in Thunderbolt, collectively called Thunderspy, in a recent paper (via Wired). The vulnerabilities are serious — a hacker who knows what they are doing could gain full access to data on a laptop that’s locked and encrypted.
Laptops made before 2019 with Thunderbolt ports running Windows and Linux are vulnerable. Macs built before 2019 are a little safer, as an attacker would have to use another attack in conjunction with Thunderspy to gain access. The researcher claims the bugs cannot be fixed via a software update.
Pulling off the attack isn’t easy, though. The hacker needs physical access to the machine, so they can unscrew it and attach a device to it (see Ruytenberg’s video below).
Thunderbolt is a practical hardware interface as it allows for high-speed data transfer as well as charging, and it’s compatible with USB-C. It was first introduced on Apple’s MacBook Pro in 2011.
Thunderbolt is Intel’s standard, and the company issued a response Sunday, claiming that a new security scheme called Kernel Direct Memory Access (DMA) has been implemented since 2019, protecting from these types of attacks. In his paper, Ruytenberg says that “systems supporting Kernel DMA Protection in place of Security Levels, released from 2019 onward, are currently subject to further investigation.”
Thunderbolt came under scrutiny in 2019, when security experts outlined a number of security vulnerabilities under the collective name Thunderclap, which also allow attackers with physical access to a PC to compromise its security. It’s worth noting that Microsoft’s recently launched Surface devices do not support Thunderbolt, allegedly due to security concerns.
-
Entertainment6 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment5 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment6 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment5 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment4 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment3 days ago
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment4 days ago
CES 2025 preview: What to expect
-
Entertainment3 days ago
Mars is littered with junk. Historians want to save it.