Zero-day Thunderbolt port vulnerability exploitable in 3 minutes affects millions of devices

For years, experts in a cyber security course have feared the emergence of a vulnerability that could be exploited in a matter of minutes. A researcher has now demonstrated how this kind of physical-access attack can be carried out against a very common component: Intel's Thunderbolt port, which is present on millions of devices.

Bjorn Ruytenberg, a researcher at a Dutch institute, has revealed the details of Thunderspy, a new attack against Windows and Linux systems that have Thunderbolt enabled and were manufactured before 2019. Using this method, an attacker can bypass the login screen of a locked computer, and even full-disk encryption, to gain complete access to the affected device.

Although in some cases the attack requires opening the laptop's case with a screwdriver, it leaves no trace of intrusion and can be completed in just a few minutes. Experts in the cyber security course know this variant as an "evil maid attack", since it requires the attacker to have time alone with the target laptop (in a hotel room, for example).

"After removing the back casing from the laptop, the attacker should only connect it to a device momentarily, reprogram the firmware and reposition the case, which will complete the attack," Ruytenberg says. The expert adds that there is no easy-to-implement fix other than disabling the affected port.

Because of the port's capabilities, experts in the cyber security course have long expressed concern about attacks against Thunderbolt. Previously, a set of flaws in Thunderbolt components, disclosed by a group of researchers, showed that by plugging a malicious device into a computer's Thunderbolt port, threat actors could bypass all of the security measures enabled on the target device.

Manufacturers have begun to respond. HP, for example, states that its products are protected against attacks via the Thunderbolt port. Lenovo says its security teams are evaluating the new reports, while Dell says its customers only need to follow the security policies of their respective companies or homes to keep their devices safe.

Finally, Ruytenberg points out that the flaws he found lie in Intel hardware and cannot be fixed with software updates. For further reports on vulnerabilities, exploits, malware variants and computer security risks, you can visit the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.