A Bolt from the Blue: Thunderbolt Shortcoming Makes PC Hacking Easy

Hacking PCs was never this easy.

Physical access to the device, some off-the-shelf equipment and a little 'evil' time invested are all its takes for a bad actor to wreck a hacking attack on your device now despite all your conventional locking practices, leaving no clue of the attack.

In short a sly evil maid attack.

Scared?

If you are, here is more.

Computers installed with Intel's Thunderbolt ports are vulnerable to hands-on hacking attempts due to security issues in its hardware interface, according to research by BjörnRuytenberg, a security researcher at Eindhoven University of Technology in The Netherlands.

And this is only the tip of the iceberg.

To add insult to the injury it has been confirmed that the issue will affect Thunderbolt-enabled machines manufactured between 2011 and 2020 and running any of the three major operating systems – Windows, Linux and, to a lesser extent, macOS.

"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," Ruytenbergsaid.

A total of 7 vulnerabilities were found to affect Thunderbolt versions 1 through 3.

Ruytenberg developed a firmware patching toolkit called Thunderbolt Controller Firmware Patcher (tcfp), disabling Thunderbolt security without accessing the machine's BIOS or operating system. Since all of this takes place covertly and the changes aren't reflected in BIOS, the victim is unaware of what is going on.

Ruytenberg also developed another tool, called SPIblock. Using it together with tfcp, he did disable Thunderbolt security for good and block all future firmware updates, all the while remaining undetected.

What does guard against it is Kernel Direct Memory Access (DMA) protection that was introduced in 2019, as Intel states in its response to the published report.

As an antidote one can use Spycheck, a tool specifically developed by the researcher to scan for Thunderspy vulnerabilities. Further one shouldn't leave the computer unattended while powered on even if the screen is locked. Ditto for Thunderbolt peripherals. It is also recommended disabling the Thunderbolt ports entirely in BIOS, which would inactive keeping you safe.

ISOEH is the organization that teaches prevention is better than cure with its efficient ethical hacking tutorials.

Read on for more hacking stories.