Attack Against PC Thunderbolt Port
The attack requires physical access to the computer, but it's pretty devastating:
On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data. And while his attack in many cases requires opening a target laptop's case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes. That opens a new avenue to what the security industry calls an "evil maid attack," the threat of any hacker who can get alone time with a computer in, say, a hotel room. Ruytenberg says there's no easy software fix, only disabling the Thunderbolt port altogether.
"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summeror the virtual conference that may replace it. "All of this can be done in under five minutes."
Lots of details in the article above, and in the attack website. (We know it's a modern hack, because it comes with its own website and logo.)
EDITED TO ADD (5/14): More.
Posted on May 12, 2020 at 6:09 AM • 19 Comments