2-MIN READ

Thunderspy Flaw on Windows PCs Can't be Patched, Putting Millions at Risk

Thunderspy Flaw on Windows PCs Can't be Patched, Putting Millions at Risk

The exploit exists via the Thunderbolt port on your desktop or laptop, and the only saving grace is that it cannot be exploited remotely.

Shouvik Das
  • News18.com
  • Last Updated: May 11, 2020, 3:21 PM IST
Share this:

The Thunderbolt port in your Windows PC, be it a desktop or a laptop, is most likely your favourite since it offers significantly faster data transfers. However, it also happens to be the reason why your PC, and millions of others around the world bought before 2019, are at risk to a physical vulnerability. Using this, hackers can bypass any software-based security restriction on your device, and in turn, gain access to your entire computer's data load. The flaw, found by Dutch security researcher Bjorn Ruytenberg of the Eindhoven University of Technology, and reported by Wired, is being called Thunderspy. Why should you care? Because, your PC is highly likely to have this flaw too.

Before you get exceedingly alarmed, relax a bit. Thunderspy is, fortunately, not linked to the network connectivity chops of PCs. As a result, it does not have a network exploit that can be executed by hackers remotely. What Thunderspy essentially does is exploit the performance benefit of Thunderbolt ports, which offer faster data transfer rates by virtue of deeper level memory access, among other things. Through his research exploit, Ruytenberg was able to fully bypass a PC's security layers and gain access to data stored in the PC — hence making this an alarming vulnerability for so many devices to have.

There is only one, small respite — to use this, hackers will need to have physical access to the device, a screwdriver and at least about 10 minutes of time without being detected. As Ruytenberg showed, the process required him to unscrew the back plate of a laptop, attach an SPI programmer device to the Thunderbolt controller chip, and reprogramme the firmware by fully turning off the security settings of Thunderbolt. He then reattached the backplate, and plugged in an Akitio PCIe expansion box to the Thunderbolt port to completely bypass the lockscreen of a PC, therefore getting full access to a computer and all of its data.

Interestingly, vulnerabilities linked to Thunderbolt ports are not particularly new, and its chipmaker, Intel, has been aware of the issues. In 2019, Intel released Kernel Direct Memory Access Protection for devices with Thunderbolt in order to protect the flaw. However, that has since seen limited adoption. Wired's report states that only HP has accounted for Thunderbolt hacks with proprietary software, while a select few Lenovo laptops post 2019 also have Intel's Kernal DMA Protection enabled. However, no laptops made by Dell, one of the biggest players in the PC space, featured the solution.

There is more to the Thunderbolt port-related vulnerability. Ruytenberg stated that if a hacker gets access to a Thunderbolt device that a user has plugged in to their PCs at some point and marked it as 'trusted', the hacker could simply read off a 64-bit code from the drive, copy it to a malicious drive, and use the latter to bypass the device lockscreen without needing to open the laptop's back plate. As a result, while this may not immediately threaten the security of your PC, it may be a considerable threat to anyone working a sensitive job, and typically does multiple in-person meetings.

The vulnerability, as it so far seems, is not patchable by a software update since the issue lies with the Thunderbolt chip hardware. As a result, the only solution at hand for users is to go into your device's BIOS, and turn off Thunderbolt entirely. While this would turn the port into a standard USB port, it would still be more secure than leaving your laptop open to a vulnerability that seemingly exists without a proper patch.


Share this:
Next Story
corona virus btn
corona virus btn
Loading