Here's why you should never leave anyone alone with your laptop

(Image credit: Shutterstock / La1n)

A flaw in the common Intel Thunderbolt port could allow hackers to break into affected devices in a matter of minutes, researchers have claimed.

The vulnerability is found in millions of Windows and Linux PCs manufactured before 2019 and can be used by an attacker with physical access to the device to circumvent both password protection and hard disk encryption.

Uncovered by security researcher Björn Ruytenberg of the Eindhoven University of Technology, the physical access attack - which he refers to as Thunderspy - can scrape data from the target machine without leaving so much as a trace.

The issue reportedly cannot be resolved via a simple software fix - but only by deactivating the vulnerable port.

Thunderbolt vulnerability

The newly discovered Thunderbolt vulnerability opens the door to what Ruytenberg refers to as an “evil maid attack” - an attack that can be executed if the hacker is afforded time alone with a device.

“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes,” he explained.

According to Ruytenberg, the Thunderspy technique (demonstrated in this video) only requires circa $400 worth of equipment, which can be used to rewrite the Thunderbolt controller’s firmware and override security mechanisms.

The researcher disclosed his findings to Intel in February, as acknowledged by the firm in a recent blog post, in which it also sets out its advice to affected users.

“While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device,” said the firm.

Intel also stressed that the most widely used operating systems have all introduced Kernal Direct Memory Access (DMA) protection to shield against attacks such as this.

“The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled. Please check with your system manufacturer to determine if your system has these mitigations incorporated,” the company advised.

Unless you happen to be living with an “evil maid” under quarantine, your device is most likely safe for now. However, Intel has recommended owners of affected devices use only trusted peripherals and do not leave devices unattended for an extended period if possible.

Via WIRED

TOPICS
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Pro
European Union technical background
EU tech companies push for digital sovereignty, reducing reliance on US and others
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
3D version of the Adobe logo
Adobe Summit 2025 - all the news and updates as it happens
A person typing on a laptop to check battery life
How Google's new anti-scraping measures are forcing an industry evolution
Teams on iPhone and Mac
Microsoft Teams has a whole new way for you to talk to (or annoy) your co-workers
An abstract image of digital security.
Technology monitoring solutions are becoming obsolete
Latest in News
An image of the Nintendo Switch 2
Nintendo Switch 2 could have AI upscaling similar to PS5 Pro’s PSSR according to patent, and it could be a gamechanger for graphics on the upcoming console
PowerColor Red Devil AMD RX 9070 XT graphics card shown side-on
Your next GPU could be from AMD, not Nvidia, if Team Red’s success with PC gamers continues
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, March 18 (game #1149)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 18 (game #380)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 18 (game #646)
Samsung Galaxy S24 hands on handheld back straight white
The Samsung Galaxy S24 is getting one of the S25’s biggest video upgrades with One UI 7 – here’s why Log Video matters