The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019.
According to Björn Ruytenberg of the Eindhoven University of Technology, the flaw could allow a hacker to bypass a device’s login screen and hard drive encryption in under five minutes.
As reported by WIRED, Ruytenberg published a video demonstrating how a hacker with physical access to a target laptop could gain access to the Thunderbolt controller and rewrite the firmware – deactivating security features in the process.
The researcher claims the only way to remedy the flaw – which he refers to as Thunderspy – is to completely disable the Thunderbolt port through the computer’s BIOS.
For the purposes of the demonstration, he used about $400 worth of equipment, including an SPI programmer device with an SOP8 clip. He claims that with greater funds (roughly $10,000) it would be simple to build the entire setup as a single small device.
Ruytenberg alerted Intel to the flaw in February and the company has since published a blog post, in which it explains that the majority of users should already be protected against this variety of attack by virtue of updates made to operating systems.
“In 2019, major operating systems implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these,” said the firm.
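A defender's check for the Kernel DMA protection Intel refers to, added here as an example and not taken from the article, Ruytenberg or Intel: on Linux, the script reads each Thunderbolt domain's `security` and `iommu_dma_protection` sysfs attributes and flags ports that depend on the controller's security level alone, the setting the firmware rewrite described above deactivates. The function names, verdict labels and optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify each Thunderbolt domain on a Linux host.
# Assumption: the kernel exposes the thunderbolt sysfs attributes
# "security" and "iommu_dma_protection" under /sys/bus/thunderbolt/devices.

# tb_domain_status DIR -> prints one verdict for a single domain directory
tb_domain_status() {
    dir=$1
    sec=unknown
    dma=0
    [ -r "$dir/security" ] && sec=$(cat "$dir/security")
    [ -r "$dir/iommu_dma_protection" ] && dma=$(cat "$dir/iommu_dma_protection")
    if [ "$dma" = "1" ]; then
        echo "protected"       # IOMMU-backed Kernel DMA protection is active
    elif [ "$sec" = "none" ]; then
        echo "exposed"         # no DMA protection and no security level set
    else
        echo "firmware-only"   # nothing but the controller's security level
    fi
}

# tb_audit [ROOT] -> one line per domain: "<domain> <security> <verdict>"
# ROOT defaults to the live sysfs path; it is a parameter only so the
# function can also be pointed at a constructed directory tree.
tb_audit() {
    root=${1:-/sys/bus/thunderbolt/devices}
    found=0
    for d in "$root"/domain*; do
        [ -d "$d" ] || continue
        found=1
        s=unknown
        [ -r "$d/security" ] && s=$(cat "$d/security")
        echo "$(basename "$d") $s $(tb_domain_status "$d")"
    done
    [ "$found" -eq 1 ] || echo "no-thunderbolt-domains"
}

tb_audit "$@"
```

A `firmware-only` or `exposed` verdict on a machine that leaves its owner's sight is the case where the researcher's advice to disable the Thunderbolt port in the BIOS applies.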