"If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep," Björn Ruytenberg, a researcher at Eindhoven University of Technology in the Netherlands, who found the vulnerability, calling the attack "Thunderspy".
A recent report from a Dutch security researcher also details a hacking mechanism that targets a common feature on millions of computers: the Thunderbolt port.
Thunderspy is stealth, meaning that you cannot find any traces of the attack. The attack also does not require any engagement on the part of the computer's user, unlike other types of attacks such as phishing.
Unfortunately, the Thunderspy vulnerabilities can't be fixed in software. This will require a silicon redesign down the road, or else it will also hurt the forthcoming Thunderbolt 4 technology.
To protect yourself from the attack, you should first consider running Ruytenberg's Spycheck software, which is free and open source, to verify whether or not your system is vulnerable to a Thunderspy attack. If your system is at risk, Spycheck will guide you through some recommendations to protect yourself.
Beyond that, Ruytenberg recommends the following:
- Connect only your own Thunderbolt peripherals. Never lend them to anybody.
- Avoid leaving your system unattended while powered on, even when the screen is locked.
- Avoid leaving your Thunderbolt peripherals unattended.
- Ensure appropriate physical security when storing your system and any Thunderbolt devices, including Thunderbolt-powered displays.
- Consider using hibernation (Suspend-to-Disk) or powering off the system completely. Specifically, avoid using sleep mode (Suspend-to-RAM).
Just remember: This renders all Thunderbolt ports inoperable, including USB and DisplayPort connectivity. However, USB-C charging will most likely remain functioning.
No comments:
Post a Comment