Thunderbolt ports vulnerable to hands-on hacks

Security researcher Björn Ruytenberg with the Eindhoven University of Technology recently published a report detailing a series of serious security vulnerabilities in Thunderbolt 2 and Thunderbolt 3, collectively called "Thunderspy."

The attack specifically targets Thunderbolt technology, which is a hardware interface developed by Intel (in collaboration with Apple) that allows users to consolidate data transfer, charging and video peripherals into a single connector. While Apple first introduced Thunderbolt ports on its MacBook Pro in 2011, the technology has also been widely adopted with varying PCs such as Dell, HP and Lenovo. The vulnerabilities are present in all machines with Thunderbolt/Thunderbolt-compatible USB-C ports shipped between 2011 and 2020.

Although hackers need physical access to a Windows or Linux computer to exploit the flaws, they could theoretically gain access to all data in about five minutes even if the laptop is locked, password protected, and has an encrypted hard drive. The entire process can reportedly be completed with a series of off-the-shelf components costing just a few hundred dollars. Perhaps most worryingly, the researcher says the flaws cannot be patched in software, and that a hardware redesign will be needed to completely fix the issues.

Ultimately, Ruytenberg says that the only way for users to fully prevent against such an attack is for them to disable their computer's Thunderbolt ports in their machine's BIOS, enable hard drive encryption, and turn off their computer when leaving it unattended.

Read more -here-

• PlayStation Portal can now stream PS5 cloud games
• Google may be asked to sell Chrome browser by DOJ
• Perplexity launches AI-powered shopping search
• EU fines Meta $842 million in a Facebook Marketplace antitrust case
• Amazon takes on Temu and Shein with discount 'Amazon Haul' store
• Waymo's robotaxis are now available to everyone in Los Angeles