New Thunderbolt flaw lets hackers bypass security features in five minutes

In brief: If your laptop somehow makes its way into hackers’ hands, will the login screen and hard disk encryption keep its contents safe? You might imagine so, but if it’s got a Thunderbolt port, you could be in trouble.

Boasting 40Gbps transfer speeds, as well as the ability to power devices and connect to 4K peripherals, Intel’s Thunderbolt interface works by offering more direct access to a computer’s memory compared to other ports.

One drawback with Thunderbolt 3 is its security issues; Microsoft says you won’t find the port on Surface devices because it’s insecure.

It was revealed last year that a series of security flaws named Thunderclap allowed a hacker with a malicious USB drive to exploit Thunderbolt’s direct memory access, bypassing all of a computer’s security measures.

It’s possible to protect against Thunderclap by disallowing access to untrusted devices or turning off Thunderbolt altogether, but a new attack can circumvent even those measures.

As reported by Wired, Eindhoven University of Technology researcher Björn Ruytenberg has revealed a new attack he’s named Thunderspy, which can bypass the login screen of sleeping or locked Thunderbolt-enabled computers. It works on both Windows and Linux PCs manufactured before 2019 and can even bypass hard disk encryption.

The technique, which takes less than five minutes, relies on an attacker having time alone with a device, a scenario known as an “evil maid attack.”

“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop,” says Ruytenberg.

To prevent the previous Thunderclap attack, Intel created Kernel Direct Memory Access Protection, which also prevents Thunderspy. But there’s no Kernel DMA Protection on computers manufactured before 2019, and its implementation is spotty on devices made from 2019 or later. Only a few HP and Lenovo models from 2019 or later use it, and researchers couldn’t find Kernel DMA Protection on any Dell machines. It should be noted that Apple’s macOS computers are unaffected.

[embedded content]

You can see the attack, which involves opening up a laptop, performed in the video above. The SPI programmer device rewrites the Thunderbolt controller’s firmware, turning off its security settings.

“I analyzed the firmware and found that it contains the security state of the controller,” Ruytenberg says. “And so I developed methods to change that security state to ‘none.’ So basically disabling all security.”

The method uses around $400 worth of equipment, but also requires an SPI programmer device and a $200 peripheral for carrying out the direct memory attack. Ruytenberg believes the entire setup could be built into a single device for around $10,000. “Three-letter agencies would have no problem miniaturizing this,” he said.

After being informed of the attack, Intel noted that Kernel DMA Protection protects against it. The company also recommended “the use of only trusted peripherals and preventing unauthorized physical access to computers.”

The best preventative measure, of course, is to ensure hackers don’t end up with physical access to your computer.

You can check if your machine is vulnerable to Thunderspy using this free tool created by Ruytenberg.
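For Linux machines, the two settings discussed above (the controller's security level and IOMMU-based Kernel DMA Protection) can also be read directly from sysfs. The script below is an added example, not Ruytenberg's tool and not code from the original article; it assumes the kernel's `security` and `iommu_dma_protection` attributes under `/sys/bus/thunderbolt/devices/domainN`, and the verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: report, per Thunderbolt domain, the controller security level
# and whether the kernel uses the IOMMU for DMA protection.
# Usage: tb_check [sysfs_root]   (default: /sys/bus/thunderbolt/devices)

tb_classify() {
    # $1 = security level string, $2 = iommu_dma_protection value
    if [ "$2" = "1" ]; then
        echo "protected"            # IOMMU-based DMA protection is active
    elif [ "$1" = "none" ] || [ -z "$1" ]; then
        echo "exposed"              # no IOMMU protection and no security level
    else
        # Protection depends only on the controller's stored security state,
        # which is what the firmware rewrite described above changes to "none".
        echo "security-level-only"
    fi
}

tb_check() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    found=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue
        found=1
        sec=""; dma=""
        [ -r "$dom/security" ] && sec=$(cat "$dom/security")
        [ -r "$dom/iommu_dma_protection" ] && dma=$(cat "$dom/iommu_dma_protection")
        printf '%s security=%s iommu_dma_protection=%s verdict=%s\n' \
            "$(basename "$dom")" "${sec:-unknown}" "${dma:-absent}" \
            "$(tb_classify "$sec" "$dma")"
    done
    [ "$found" -eq 1 ] || echo "no Thunderbolt domains under $root"
}

tb_check "$@"
```

A `security-level-only` or `exposed` verdict means the machine has no Kernel DMA Protection in effect, which is the condition the article describes for pre-2019 hardware.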
