A bug in Thunderbolt allows hackers to steal data even from an encrypted computer. This was the conclusion of cybersecurity specialist Bjorn Rutenberg, whose study leads Wired.
Thunderbolt offers an extremely high transfer rate, giving devices direct access to your PC’s memory, which creates a number of vulnerabilities. Previously, cybersecurity researchers believed that these vulnerabilities could be addressed by denying access to untrusted devices or disabling Thunderbolt altogether, but by providing access to DisplayPort and USB-C.
However, the method described by Ruthenberg overcomes such a defense. To steal data from a computer, even they are encrypted, a hacker will need physical access to the computer, about five minutes of time, and “easily portable equipment,” the researcher’s report says.
The method involves changing the firmware that controls Thunderbolt – such manipulations will allow any device to access the port. Hacking leaves no traces, so the user will never know that the data from his PC has been stolen, says Rutenberg.
“If you intend to use a Thunderbolt connection, we strongly recommend: connect only your own Thunderbolt peripherals; never lend them to anyone; Do not leave the system unattended, even if it is locked; Do not leave Thunderbolt peripherals unattended; provide appropriate physical security during storage of the system and any devices with Thunderbolt”.
Earlier it was reported that the computer’s power supply can become a source of data leakage even without the Internet. An IT specialist from Ben-Gurion University Mordechai Guri is working on creating similar methods for data leakage from a computer physically disconnected from local and global networks.