Millions of computers are vulnerable to hacking due to Thunderbolt
Millions of computers are vulnerable to hacking due to Thunderbolt

Due to a bug in the Intel port (Thunderbolt), hackers are currently targeting computers that were manufactured before 2019. The port is found in millions of computers, and hackers use a relatively simple piracy technology called (Thunderspy) to access computers, so it took the attack (Thuderspy) Less than five minutes.

Dutch researchers from Eindhoven University of Technology (Bjorn Rothenburg) have shown how this successful breakthrough can be achieved with very popular hardware components and elucidated details of new attack methods on Windows or Linux computers with Thunderbolt ports. .

According to the researchers, Apple's macOS computer is only affected by this vulnerability if the user is running (Boot Camp). Rothenberg has started a tool that can be used to determine if a computer is vulnerable to attack and can be activated on the device (DMA Protection Kernel).

For many years, security experts have warned that even if only a few minutes remain, hackers should view the computer alone as a compromised device in order for Dutch researchers' technology to bypass the locked computer's login screen and hard drive encryption can be bypassed to the maximum extent of data acquisition PC.

The device can directly access the computer's memory via connection (Thunderbolt) thus providing a very high transmission speed, which also leads to many errors.

Researchers previously believed that these vulnerabilities, known as "Thunderclap", could be mitigated by preventing unauthorized devices from accessing the "Thunderbolt" port or completely destroying it while allowing DisplayPort and USB-C access.

However, the Dutch researchers' attack method can avoid these parameters by changing the firmware that controls Thunderbolt port so that any device can access the port. Consequently, the new penetration technology leaves no trace of hackers who users never know their computer. It is hacked because the OS doesn't show any visible changes.

The attack requires the use of a screwdriver to open the victim's computer. Thunderspy technology provides the security industry a new way to describe the attack as "bad". It is a computerized intervention method that is left to the non-involved intruder.

In addition to the broken port (Thunderbolt), there are currently no actionable hotfixes. Users should also encrypt the hard drive and completely shut down the computer if left unattended to ensure complete protection.

Reuterberg said: "All that is needed for the attack is to remove the back cover of the device, connect the device for a while, and reprogram the firmware of the internal chip responsible for the port (Thunderbolt)." Reuterberg said, "Set the back cover again and use the computer completely. It was done in less than five minutes. "

Previous Post Next Post