Stability paranoiacs have warned for many years that any laptop still left alone with a hacker for more than a several minutes must be deemed compromised. Now 1 Dutch researcher has demonstrated how that form of physical accessibility hacking can be pulled off in an ultra-widespread component: The Intel Thunderbolt port discovered in tens of millions of PCs.
On Sunday, Eindhoven College of Technology researcher Björn Ruytenberg discovered the details of a new attack system he’s calling Thunderspy. On Thunderbolt-enabled Windows or Linux PCs created before 2019, his method can bypass the login display of a sleeping or locked computer—and even its challenging disk encryption—to get complete accessibility to the computer’s data. And although his attack in numerous cases calls for opening a concentrate on laptop’s case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a several minutes. That opens a new