•  
  •  
  •  
  •  
  •  
  •  

The Achilles’ heel tale is too ancient and is a sort of anachronism; we recommend it be renamed. According to security researcher Björn Ruytenberg from the Eindhoven University of Technology, it seems that the modern notion of vulnerability is actually your computer’s Thunderbolt connection. If we’re to believe Björn, who gave a full account of his experiment, hackers can enter your fully armored and locked laptop on cue.

However, it’s not the right time to toss your laptop into the garbage bin, because hackers still need to get physical access to your computer, a screwdriver, and a couple of minutes. 

But it’s only the tip of the iceberg, to use the metaphor, with the most important stuff lurking underneath – Björn reckons that even software updates couldn’t resolve the security gap, and only the complete reconstruction of the hardware can fix the trouble. 

His report claims that “all Thunderbolt-equipped systems shipped between 2011-2020 are vulnerable”. To soothe you, we can assure you not to worry a lot about it unless you’ve something to hide on your laptop. The spy attack requires an extended preparation period for a hacker to have a chance to open a back panel of your computer and connect to it.

Image credit: howtogeek.com

I don’t know whether it was a good idea, but Björn Ruytenberg has posted a video (spy tutorial, just kidding) demonstrating how a hacker could perform his attack. In the video, he pulls out the back panel and sticks a device to a secured Lenovo laptop, and reaches the internal data, and transmits all logs and passwords.

The group of researchers known for unveiling flaws in Thunderbolt components, “Thunderclap”, has suggested users take advantage of a Thunderbolt feature known as “security levels,” which, on paper at least, should forbid access to unknown and strange devices to your hardware, or the second option is to disable the Thunderbolt connection all together, turning it into a garden-variety USB port. These options to secure the device are slight because Ruytenberg’s new technique allows a spy to fend off secure systems and reform the roots of the internal chip responsible for the Thunderbolt port, thus shifting all security settings to allow access.

To save your laptop from unwanted spy connections, Ruytenberg advises you to poke around and make some adjustments in the device and switch off the computer’s Thunderbolt ports in the machine’s BIOS, enable hard drive encryption, and turn off your computer when leaving it unattended. The researcher has also constructed a software application that doesn’t defend your beloved device but confirms whether it is vulnerable to a spy attack.

0
0