Here’s why you should never leave anyone alone with your laptop

New physical access attack can bypass security facilities and hard disk encryption

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A flaw in the commonIntelThunderbolt port could allow hackers to break into affected devices in a matter of minutes, researchers have claimed.

The vulnerability is found in millions ofWindowsandLinuxPCs manufactured before 2019 and can be used by an attacker with physical access to the device to circumvent both password protection and hard disk encryption.

Uncovered by security researcher Björn Ruytenberg of the Eindhoven University of Technology, the physical access attack - which he refers to as Thunderspy - can scrape data from the target machine without leaving so much as a trace.

The issue reportedly cannot be resolved via a simple software fix - but only by deactivating the vulnerable port.

Thunderbolt vulnerability

The newly discovered Thunderbolt vulnerability opens the door to what Ruytenberg refers to as an “evil maid attack” - an attack that can be executed if the hacker is afforded time alone with a device.

“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes,” he explained.

According to Ruytenberg, the Thunderspy technique (demonstrated inthis video) only requires circa $400 worth of equipment, which can be used to rewrite the Thunderbolt controller’s firmware and override security mechanisms.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The researcher disclosed his findings to Intel in February, as acknowledged by the firm in a recent blog post, in which it also sets out its advice to affected users.

“While the underlying vulnerability is not new and was addressed inoperating systemreleases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device,” said the firm.

Intel also stressed that the most widely used operating systems have all introduced Kernal Direct Memory Access (DMA) protection to shield against attacks such as this.

“The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled. Please check with your system manufacturer to determine if your system has these mitigations incorporated,” the company advised.

Unless you happen to be living with an “evil maid” under quarantine, your device is most likely safe for now. However, Intel has recommended owners of affected devices use only trusted peripherals and do not leave devices unattended for an extended period if possible.

ViaWIRED

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)