Thunderbolt Flaw Could Bypass Security, Encryption

John Lister's picture

A researcher has found a major bug with Thunderbolt port technology that could undermine major security measures on multiple computer systems. There's a big mitigating factor though: an attacker would need extended physical access to the computer in order to carry out the exploit.

Thunderbolt is a technology that is similar in concept to USB, but adds fiber optic to the usual copper wires. Compared to USB, Thunderbolt has high speed and capacity. Common uses include super-fast device charging (including laptops), 4K video, and extremely quick data transfers.

Originally Thunderbolt was only seen on Macs but it now works with Windows and Linux-based PCs. That's particularly easier with the latest version of Thunderbolt that uses USB-C connections rather than the less-common DisplayPort slot.

Disk Encryption Bypassed

Security researcher Bjorn Ruytenberg says he's found a major flaw in Thunderbolt that affects the port itself. The flaw means it is possible for at attacker to effectively unlock access to the port and then use this to copy data from the computer. (Source: betanews.com)

According to Ruytenberg this would work regardless of several security measures such as passwords, the computer going into sleep mode when left unattended, and even disk encryption. That said, the attack won't work if the computer is completely shut down. It's also likely that security monitoring software wouldn't detect or record the attack.

The big limitation is that the attacker would need to take several steps including taking the casing off the computer, rewriting the relevant firmware to access the port, adding a specialist device to copy the data, then restoring the original firmware and putting the computer back together.

Attacker Would Need Some Time

That would mean the attacker would not only need to get hold of the computer for a decent amount of time, but they likely wouldn't be able to complete the data theft in public without attracting attention.

Perhaps a more serious risk is that the attacker could also alter the computer to pre-authorized devices to connect through the Thunderbolt port. That would mean future data theft would simply involve plugging a device in and copying files. That could be particularly useful for corporate espionage. (Source: theregister.co.uk)

At the moment it doesn't appear the flaw can be fixed through a software update and instead would need hardware changes.

What's Your Opinion?

Do your computers have a Thunderbolt connection? Do you worry about attacks that involve physical access to your computer? Or do you figure that if somebody steals your PC, the chances are they are going to get access to your data somehow?

Rate this article: 
Average: 5 (3 votes)

Comments

Navy vet's picture

Like Dennis points out, An attacker would need physical access to your PC’s internals to use this attack. According to Ars Technica: “While the weakness it exploits is real and should be closed, the vast majority of people—think 99 percent—shouldn’t worry about it.”