More Than a Million PCs Exposed to Hackers

All PCs with a Thunderbolt port are exposed to hacking by a new technique called Thunderspy. Using this technique, an attacker can get access to your hard drive in less than 5 minutes. The attack is prominent in devices that were manufactured before 2019. Apple users can breathe a sigh of relief, as this attack is not replicable on macOS.

What is the issue?

Tech experts were skeptical about Thunderbolt from the very beginning. It is used for faster transfer of data between two devices, but that speed comes at a cost. To increase the transfer speed, Thunderbolt bypasses several security measures. It also has more direct access to computer memory than any other port on the PC. A group of researchers reported that they were able to bypass all the essential security measures on a PC just by plugging an infected device into the Thunderbolt port. If the attack is carried out successfully, the attacker will be able to bypass your system security even if the PC is asleep. It will also allow the attacker to bypass hard disk encryption. The information about this vulnerability was first shared with the public by Björn Ruytenberg. He has also shared a list of all the vulnerabilities that he identified. The list contains the following vulnerabilities:

  1. Inadequate firmware verification schemes
  2. A weak device authentication scheme
  3. Use of unauthenticated device metadata
  4. Downgrade attack using backward compatibility
  5. Use of unauthenticated controller configurations
  6. SPI flash interface deficiencies
  7. No Thunderbolt security on Boot Camp


The evil maid!

This attack usually requires a screwdriver and physical access to the system. An attacker can remove the laptop's backplate and hack into your system in less than 5 minutes. The attack leaves no trace and can't be identified easily. These types of attacks are called “evil maid” attacks because, just like an evil maid, the attacker can be very close to you and can harm you without you getting the slightest hint about it. Many attackers have even created a short tutorial/demo explaining the entire process of using this vulnerability. So anyone with access to your system, a screwdriver, and some expensive tools is now capable of causing harm to you.

Ingredients of the attack

The video that demonstrates the attack also explains the true cost of all the equipment that is required. The video uses a rough estimate of $380-$450, along with an additional $200 peripheral that is plugged into the vulnerable port to carry out the attack. The creator of the video claimed that the actual cost to set up the entire environment for carrying out this attack is somewhere around $10,000. But looking at how easy it makes it for a hacker to hack into the system and how extensively it can be used, the cost seems justified.


The irreversible.

Though all the major computer manufacturers are trying to tighten security by rolling out security patches, this issue seems a tough nut to crack. This is because the attack is carried out using a vulnerability in the hardware. This gives direct access to the memory no matter what security measures you take. The researcher who disclosed this attack also claims that the flaw can't be fixed using software. Instead, the company will have to do a “silicon redesign”.

How to prevent yourself

The tools and tips are limited for this hardware-based attack. There is a built-in Thunderbolt security feature called “security levels” that can help to some extent. Using this, you can disallow access to the system for any untrusted device. The other way to safeguard yourself is by completely disabling the Thunderbolt port in the OS settings. Using this technique, the Thunderbolt port will be converted into a normal USB port. Intel is working on the issue and has also released a security measure called Kernel Direct Memory Access (DMA) Protection. But this DMA protection is not available on computers that were manufactured in or before 2018. The detailed report about the attack is also available on a website created by Ruytenberg. The website is accessible here. One can go through the website to get in-depth knowledge about the issue along with diagrams and video demos.
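
As an added example (not from the original article or from Ruytenberg's report), the Python script below checks both settings mentioned above on a Linux machine by reading the thunderbolt driver's sysfs attributes security and iommu_dma_protection for each controller domain. The verdict labels are this example's own, and a machine that only has a restrictive security level is reported as partially covered, in line with "can help to some extent".

```python
#!/usr/bin/env python3
"""Report Thunderbolt security level and Kernel DMA protection per domain (Linux)."""
from pathlib import Path

# Values the Linux thunderbolt driver exposes in domainN/security.
# True = a newly attached device does NOT get a PCIe tunnel automatically.
LEVELS = {
    "none": False,    # SL0: everything connects without approval
    "user": True,     # SL1: user must authorize each device
    "secure": True,   # SL2: authorization plus key challenge
    "dponly": True,   # SL3: DisplayPort/USB only, no PCIe tunneling
    "usbonly": True,  # USB controller and DisplayPort of a dock only
    "nopcie": True,   # PCIe tunneling disabled in firmware setup
}

def read_attr(path):
    """Return the stripped content of a sysfs attribute, or None if absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def audit(sysfs_root="/sys/bus/thunderbolt/devices"):
    """Return one dict per Thunderbolt domain found under sysfs_root."""
    results = []
    for dom in sorted(Path(sysfs_root).glob("domain*")):
        level = read_attr(dom / "security")
        dma_on = read_attr(dom / "iommu_dma_protection") == "1"
        if dma_on:
            verdict = "dma-protected"        # IOMMU confines device DMA
        elif LEVELS.get(level, False):
            verdict = "security-level-only"  # helps only to some extent
        else:
            verdict = "exposed"              # level none/unknown and no IOMMU
        results.append({"domain": dom.name, "security": level,
                        "kernel_dma_protection": dma_on, "verdict": verdict})
    return results

if __name__ == "__main__":
    rows = audit()
    if not rows:
        print("No Thunderbolt domain visible to the kernel.")
    for r in rows:
        print(f"{r['domain']}: security={r['security']} "
              f"kernel_dma_protection={r['kernel_dma_protection']} -> {r['verdict']}")
```

On Windows, the equivalent state is shown as the "Kernel DMA Protection" row in the System Information tool (msinfo32).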
