Hackers can now breach personal computers and laptops more easily, especially those that have Intel's Thunderbolt ports. According to Wired's previous report, millions of PCs are vulnerable to hands-on hacking called "Thuderspy."
Also Read: [HACKERS] Millions of PCs with Intel Thunderbolt Flaws are Vulnerable to Hacking; Thunderspy Attack Takes Only Five Minutes
The new bug discovered by Bjorn Ruytenberg, a researcher of the Eindhoven University of Technology, can bypass a computer's login screen, and even the hard disk encryption of a locked, or even sleeping PCs or Windows computers. Most of the targeted computers are manufactured before 2019 that have Intel's Thunderbolt ports.
HP said in the report that it offers protection against direct memory attacks, which Thunderspy relies on, through the Thunderbolt port, which is used mostly by HP Mobile Workstation and Commercial products that support Sure Start Gen5 and beyond. This includes systems that were launched before 2019.
"HP is also unique in that we are the only [computer manufacturer] that provides protection against DMA attacks via internal card (PCI) and Thunderbolt devices," said the company. "Protection from DMA attacks via Thunderbolt is enabled by default."
However, Ruytenberg reiterated that the flaws he discovered cannot be easily fixed with just a software update. "Basically they will have to do a silicon redesign," he said.
New Thuderspy Bug: How to check your PC's Thuderbolt port to avoid being hacked; Here are things you need to know
According to Lifehacker's latest report, Thunderspy affects all Thunderbolt ports and USB-C, or DisplayPort ports, that support Thunderbolt cables. Even if the data is stored on encrypted hardware, these ports can give hackers full access to everything on the computer.
The Thuderspy attack is untraceable since it can steal all the data in just a few minutes without the PC's owner knowing the hack even happened. However, some hardware is safe from the new hands-on hack.
As long as Linux and Windows are not installed via Bootcamp, MacOS computers are safe from the attack, as well as Windows PCs that don't have Thunderbolt support. Some of the recently manufactured computers also have Intel's Kernel Direct Memory Acces Protection (Kernel DMA), a specific security system that will prevent Thuderspy attacks.
A demonstration was conducted resulting in Thuderspy attack failure from the PCs that have Kernel DMA enabled. Products that have this security feature include Linux (kernel 5.x and later), Windows (Windows 10 1803 RS4 and later), and MacOS (MacOS 10.12.4 and later). However, Kernel DMA was only launched in 2019, leaving the majority of computers vulnerable to the attack.
Users can still check if their PCs are vulnerable by downloading a free, open-source diagnostic app that can immediately identify if their device is at risk. Just follow the following steps:
- Install the Spycheck available for Linux and Windows.
- Open the file.
- Look for the Spycheck application located in the unzipped folder.
- Agree to Spycheck license agreement by clicking "Accept."
- From the options listed, choose your PC's port configuration then click "Next."
- The results will be shown on the screen. Close the up by clicking "Exit."