"Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack"

Research has shown that millions of Windows or Linux computers manufactured before 2019 are vulnerable to physical attacks through the exploitation of the Intel Thunderbolt port, which is a popular multipurpose connector. Researcher at the Eindhoven University of Technology, Bjorn Ruytenberg, recently shared details about an attack that can be executed in less than five minutes, called ThunderSpy. The attack allows the circumvention of a sleeping or locked computer's login screen, as well as its hard disk encryption, to read and copy the computer's data. While this attack's performance requires physical access to the machine, it is stealth in that traces of the attack cannot be found. Ruytenberg discovered the ThunderSpy attack through the analysis of flaws associated with Thunderbolt protocol security measures and the development of attack scenarios that explore the possible ways in which bad actors can exploit those vulnerabilities despite the implementation of industry standards. In a video demonstration, Ruytenberg used a screwdriver, Serial Peripheral Interface (SPI) programmer device, and an inexpensive Thunderbolt peripheral to perform the attack. This article continues to discuss flaws contained by the Thunderbolt port, the disclosure of these flaws to Intel, and the demonstration of the ThunderSpy attack. 

Threatpost reports "Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack"