It is not a very uncommon fact that any laptop left in the presence of a hacker, even for a mere 2 minutes can be considered as compromised. A Dutch researcher has recently established these facts from his newly demonstrated research where a hacker on gaining physical access to a laptop can easily hack it. But his findings have pulled everyone’s attention not cause of that, but the cause of the fact that he established his findings on the ultra-common component known as the Intel Thunderbolt port. This port is the most common and is found across millions of computers all over the world.
Last Sunday, a researcher named Bjorn Ruytenberg belonging to the Eindhoven University of Technology established the facts and details on a newly coined attack that he named as the Thunderspy. This technique of Hacking is available for only those Thunderbolt-enabled PCs or Linux based PCs that were in or before manufactured in 2019. This new hacking method will be able to bypass the login screen of any laptop on standby mode or locked mode or even sleeping. It can also bypass the hard disk encryption to gain access.
The attack, although as described by him, requires the hacker to have physical access to it along with the fact that the attacker will also have to open the target computer with some screwdriver. But the process will be so quick that the physical access to the target device will not even be visible. The entire attack can be easily pulled off within a fraction of minutes and does not leave any trace or sign of intrusion. This process of Hacking is also called the ‘evil maid attack’ and can be considered as one of the biggest challenges to overcome.
Any attacker with access to your home, room or even the hotel room where you might be staying can gain access to your laptop and hack information in just a couple of minutes. According to the Dutch researcher, there is no easy software fix for this type of Hacking, and the only possible solution that he could find until now is to disable the Thunderbolt port.
Ruytenberg is also planning on presenting his findings on the Black Hat security conference that will be held on this summer of 2020. The conference date has not been released and whether it will be a virtual conference or a physically present one is still undecided.
But Ruytenberg says, “All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop”. He further added, “All of this can be done in under five minutes.”Source
Ruytenberg is not the first researcher who has projected concerns over the security level of Intel’s Thunderbolt. The Intel Thunderbolt is supposed to transfer data to any external device at a very high speed and due to which the port gets much direct access to the computer’s memory as compared to other Intel ports. It leads to more vulnerabilities, and hence the security level of the Thunderbolt can be said as ‘Zero Level Security’. Various researchers have already cited these vulnerabilities, but no action was taken to minimize it.
The researchers have suggested that the user can take advantage of a feature in Thunderbolt that is known as the ‘security levels’. On using this feature, the computer will stop allowing access to any unknown device. The other way of stopping the attack will be to turn off the Thunderbolt in the OS of your device through its settings.
On turning off the Thunderbolt, the port will be configured to work as a normal USB port or a display port, hence stopping its direct access to the memory of your device. But according to Ruytenberg, both of these techniques fail when the attacker gains access physically to the device. And the worst part is that the user will not even be aware of it as there will be no visible change in the device operating system.