Date: 2020-05-11

Vulnerabilities discovered in the Thunderbolt connection standard could allow hackers to access the contents of a locked laptop's hard drive in minutes, a security researcher at Eindhoven University of Technology has announced. Cabling reports that the vulnerabilities affect all Thunderbolt PCs built before 2019.

Although hackers need physical access to a device to exploit the flaws, they could theoretically gain access to all the data in about five minutes, even if the laptop is locked, password protected, and has an encrypted hard drive. According to reports, the entire process can be completed with a series of standard components that cost only a few hundred dollars. Perhaps most concerning, the researcher says that the flaws cannot be fixed in software and that a hardware redesign will be needed to completely fix the problems.

Björn Ruytenberg, the researcher who discovered the vulnerabilities, has published a video showing how an attack is carried out. In the video, he removes the backplate and connects a device to the inside of a password-protected Lenovo ThinkPad laptop, disables its security, and logs in as if he had its password. The entire process takes about five minutes.

This is not the first time that security issues have been raised about Intel's Thunderbolt technology, which relies on direct access to a computer's memory to deliver faster data transfer speeds. In 2019, security researchers revealed a Thunderbolt vulnerability they called "Thunderclap" that allowed seemingly innocuous USB-C or DisplayPort hardware to compromise a device. These security issues are reportedly the reason Microsoft hasn't added Thunderbolt connectors to its Surface devices.

In a blog post responding to the report, Intel claims the underlying vulnerability is not new and that it was addressed in operating system releases last year. However, Cabling reports that this protection, Kernel Direct Memory Access Protection, has not been universally implemented. Security researchers say they couldn't find any Dell machines with the protection applied, and were only able to verify that some HP and Lenovo laptops were using it.

Although Apple Macs have offered Thunderbolt connectivity since 2011, researchers say they're only "partially affected" by Thunderspy if they're running macOS.

Ultimately, Ruytenberg says the only way users can completely prevent such an attack is to disable their computer's Thunderbolt ports in their machine's BIOS, enable encryption on their hard drive, and shut down the computer when they leave it unattended. The researcher has developed software called Spycheck (available through the Thunderspy site) that they say should tell you if your machine is vulnerable to attack.
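For administrators who want to see whether the Kernel DMA protection discussed above is actually active on a Linux machine, the sketch below reads the kernel's Thunderbolt sysfs attributes for each controller domain. It is an added example, not Spycheck and not code from the researcher or Intel; it assumes a Linux host with the `thunderbolt` driver loaded, and the `needs_review` flag is this example's own convention.

```python
#!/usr/bin/env python3
"""Report Thunderbolt security level and IOMMU-based DMA protection per domain."""
import sys
from pathlib import Path

# Linux kernel Thunderbolt sysfs location (assumption: thunderbolt driver is loaded).
SYSFS_ROOT = "/sys/bus/thunderbolt/devices"


def read_attr(path):
    """Return a sysfs attribute as stripped text, or None if absent/unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def audit_thunderbolt(sysfs_root=SYSFS_ROOT):
    """Return one finding per Thunderbolt domain found under sysfs_root."""
    findings = []
    for dom in sorted(Path(sysfs_root).glob("domain*")):
        security = read_attr(dom / "security")
        iommu = read_attr(dom / "iommu_dma_protection")
        if iommu == "1":
            dma = "protected"
        elif iommu == "0":
            dma = "unprotected"
        else:
            dma = "unknown"  # attribute missing, e.g. on an older kernel
        findings.append({
            "domain": dom.name,
            "security": security or "unknown",
            "dma": dma,
            # Flag anything not positively confirmed as protected.
            "needs_review": dma != "protected" or security in (None, "none"),
        })
    return findings


def main():
    findings = audit_thunderbolt()
    if not findings:
        print("No Thunderbolt domains visible in sysfs.")
        return 0
    for f in findings:
        flag = "REVIEW" if f["needs_review"] else "ok"
        print(f"{f['domain']}: security={f['security']} dma={f['dma']} [{flag}]")
    return 1 if any(f["needs_review"] for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main())
```

An "ok" result only confirms that IOMMU-based DMA protection is in use; it does not replace the BIOS, encryption and shutdown measures listed above.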

Thunderbolt 3 will be integrated into the USB 4 specification. Researchers say USB 4 controllers and peripherals may also be vulnerable and will need to be tested once they become available.