Thunderbolt flaws may leave PCs vulnerable to physical hacks

All attackers need is five minutes alone with your computer, warns a security researcher.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik

Thunderbolt, developed by Intel, is a popular multipurpose connector.

Neil Godwin/T3 Magazine/Future via Getty Images

Millions of computers made before 2019 are said to be vulnerable to physical attacks that take aim at a common component: the Thunderbolt port. Security researcher Bjorn Ruytenberg on Sunday revealed the so-called Thunderspy attack, which lets hackers read and copy data on a PC, even if it's locked or asleep, in just a few minutes. 

Ruytenberg said seven vulnerabilities were uncovered in Intel's Thunderbolt design. The flaws make it possible for someone with "5 minutes alone with the computer, a screwdriver, and some easily portable hardware" to bypass security measures in order to steal data from encrypted drives and memory, according to Ruytenberg.

Thunderbolt, embraced first by Apple in 2011 and later by some Windows PC makers, has proved popular in high-end computing situations demanding a multipurpose connector. A single Thunderbolt port can link to external monitors, network adapters, storage systems and more. 

In a blog post on Sunday, Intel said Thunderspy-type of attacks were mitigated with the implementation of Kernel Direct Memory Access (DMA) Protection. However the security feature isn't available in computers made before 2019. Intel also encouraged people to only use trusted peripherals and to prevent unauthorized physical access to computers.

See also: Dumping passwords can improve your security -- really

Watch this: In a world of bad passwords, a security key could be your new best friend