Thunderbolt Vulnerability : Millions of PC's are Affected

Thunderbolt Vulnerability : Millions of PC's are Affected 

Thunderbolt Vulnerability : Millions of PC's are Affected.

A major Security flaw has found in Intel's Thunderbolt port. A security researcher has found that millions of Windows and Linux PC'c are affected by this flaw which computer are manufactured before 2019 are at risk including modern Macs.

The issue is now affecting millions of windows and Linux PC's . It can be used by hackers to break into your system and steal all its data in a matter of minutes. A researcher from Eindhoven University of Technology revealed the details of new attack method he's calling Thunderspy. On Thunderbolt port enabled Windows or Linux PC's that have been manufactured before 2019, Thunderspy can bypass the login screen of a sleeping and locked computer and even its hard disk encryption to gain full access to the computer's data.

Vulnerabilities that break primary security claims for Thunderbolt 1,2 and 3:

• Weak Device Authentication Scheme.
• No Thunderbolt Security on Boot Camp.
• Use unauthenticated device metadata. 
• Use of Unauthenticated controller configuration. 
• Inadequate Firmware Verification Schemes.   

Security Researcher have been wary of Intel's Thunderbolt interfaces as a potential security issue . It offers faster speed of data transfer to external devices in part by allowing more direct access to a computer memory than other ports, which can lead security vulnerabilities.

Attack which can be Done  By Thunderbolt Vulnerability:

Thunderbolt Vulnerability : Millions of PC's are Affected 

Hard disk encryption to steal data and Bypassing Lockscreen 

If a hacker have the physical access to your computer's Thunderbolt machine he could use a technique called ' Thunderspy ' and gain access to you machine's data. This method works even when your device is locked with a password its hard disk is encrypted and the Thunderbolt port access is disabled.

How the Hacker's Break in ?

A researcher said that Thunderspy attack on a vulnerable PC. An hacker just need to unscrew the backplate attach a device reprogram the firmware and reattach the backplate.The reprogram firmware let the hacker change Thunderbolt port setting and open the way of malicious peripheral Device to access it. 

Intel has fixed the Vulnerability after 2019

The vulnerability was disclosed to Intel in February they created a Thunderbolt Security System called "Kernel Direct Memory Access Protection" to prevent Thunderspy attacks. However these protection is available with the notebooks which are manufactured after 2019 or later older notebooks are still unprotected.

Intel added including the use of only trusted peripheral and preventing unauthorized physical access to the computer.