Thunderbolt ports may put your PC in jeopardy,About but only if you leave it alone with a capable and well-prepared hacker.
That's according to security researcher Björn Ruytenberg from the Eindhoven University of Technology, who outlined seven vulnerabilities in Thunderbolt, collectively called Thunderspy, in a recent paper (via Wired). The vulnerabilities are serious — a hacker who knows what they are doing could gain full access to data on a laptop that's locked and encrypted.
Laptops made before 2019 with Thunderbolt ports running Windows and Linux are vulnerable. Macs built before 2019 are a little safer, as an attacker would have to use another attack in conjunction with Thunderspy to gain access. The researcher claims the bugs cannot be fixed via a software update.
Pulling off the attack isn't easy, though. The hacker needs physical access to the machine, so they can unscrew it and attach a device to it (see Ruytenberg's video below).
Thunderbolt is a practical hardware interface as it allows for high-speed data transfer as well as charging, and it's compatible with USB-C. It was first introduced on Apple's MacBook Pro in 2011.
Thunderbolt is Intel's standard, and the company issued a response Sunday, claiming that a new security scheme called Kernel Direct Memory Access (DMA) has been implemented since 2019, protecting from these types of attacks. In his paper, Ruytenberg says that "systems supporting Kernel DMA Protection in place of Security Levels, released from 2019 onward, are currently subject to further investigation."
SEE ALSO: Apple launches 13-inch MacBook Pro with Magic Keyboard, new processorThunderbolt came under scrutiny in 2019, when security experts outlined a number of security vulnerabilities under the collective name Thunderclap, which also allow attackers with physical access to a PC to compromise its security. It's worth noting that Microsoft's recently launched Surface devices do not support Thunderbolt, allegedly due to security concerns.
Topics Cybersecurity
Best Presidents' Day deal: Save $250 on Peloton Bike
Waymo blames collision with motorcycle on human error, not AI
Welsh girl perfectly sums up the dark irony of the internet in 2 images
Google Chrome has a new plan to fight shady ads
GPU Availability and Pricing Update: April 2022
Ryan Lochte hired Justin Bieber's former crisis manager
Mark Zuckerberg won't appear before the UK and Canada's joint committee
Mark Zuckerberg won't appear before the UK and Canada's joint committee
Best Amazon deal: Save 20% on floral and botanical Lego sets
Idris Elba finally wins 'Sexiest Man Alive' but just wants you to vote
Trump praises storm response as historic disaster unfolds in Houston
Oppo R17 Pro has a triple camera and a dual battery
What critics thought of 'Fantastic Beasts: The Crimes of Grindelwald'
'Podcast bingo' is a perfect summation of the clichés you always hear
Trump praises storm response as historic disaster unfolds in Houston
Chelsea Peretti parodies Adele's apology video, totally nails it
Google Chrome has a new plan to fight shady ads
The most basic president in history
Lego free Valentine's Day Heart: How to get free Lego
Apple acquires medical record startup Gliimpse as latest step to visualize personal health data
What Does a Fact Look Like?Women’s WorkCheckmateSocial Justice TourismRunaway American DreamsCastes of MindChaos and CarnageHead in the CloudA Theory of Thorstein VeblenWars Never EndWars Never EndIrreconcilable BillionairesBurning Down the BordertownAstronomers saw a long, bright space blast, but it wasn't a supernovaA Theory of Thorstein VeblenThe Fruit of PowerSpecific DetailsA State of One’s OwnFake RealnessOutside the Text Home Depot has up to 50% off select bed and bath basics People are freaking out about mystery texts sent from their phones Brits told to eat 10 fruit and veg a day, Twitter goes into utter meltdown Sushi donuts will make your Instagram feed a little more delicious in 2017 Facebook employees discuss 'f*cking with' developers in leaked internal chats Immigration experts share ways to aid undocumented community members #BootBae shows us the real function of high heel boots Signal could make NBA's tampering problem even harder to solve Netflix's 'The Devil Next Door' Review John Legend trolled Donald Trump like a champion Blogger learns that it's never OK to talk down pizza 'Tina: The Tina Turner Musical' showcases a Broadway powerhouse Seth Meyers' Netflix special gives fans a way to skip the Trump jokes Students fight back after diversity posters banned from school for being 'anti What Marvel content will be available on Disney+? 'For All Mankind' never slows down enough to serve its clever premise Earth discovers its friendly new neighbors in this Google doodle Yubico unveils security key with built Emma Watson just found a new, Earth Adobe finally releases Photoshop on iPad