A researcher recently posted a proof of concept that gave him access to the contents of a locked laptop in minutes. The flaw lies in Thunderbolt. But while he did gain access to the laptop, he needed physical access, a screwdriver, and off-the-shelf parts.
Dubbed Thunderspy, the attack takes advantage of the fact that Thunderbolt is a direct memory access port. Like PCI-Express and FireWire, Thunderbolt ports can access system memory directly, bypassing the CPU, which enables high transfer rates. But that also makes them vulnerable to direct memory access attacks.
As seen in the demonstration video by security researcher Björn Ruytenberg, he can take advantage of Thunderbolt's access to system memory to reach your data even when the laptop is locked and the hard disk is encrypted.
However, the attack is not easy: the hacker must be well prepared and needs access to your laptop. The hack involves removing the back cover (the bottom) of a laptop and connecting a device to the motherboard to reprogram the firmware.
Although Ruytenberg claims this is a process he can accomplish in minutes, it presupposes familiarity with the laptop and with what is needed to remove the back cover (if that is possible at all). Your unattended laptop is unlikely to fall victim to this attack at a Starbucks, but your stolen laptop is a different story.
According to Ruytenberg, the flaw is not a software problem and cannot be remedied. Instead, a redesign of the chip is needed. Other researchers seem to disagree, at least in part, and argue that Windows 10's new kernel-level security should at least partially address the problem. And if you use macOS, you are also partially protected.
Ruytenberg went on to say that another vector for the attack could bypass the need to partially disassemble the device. But in that case, the hacker would need access to a Thunderbolt device that was previously connected to the laptop.
It is worth noting that Thunderbolt's potential vulnerabilities are one reason why Microsoft does not include the port on Surface devices. If you are concerned about whether this flaw affects your device, you can check the ThunderSpy website created by Ruytenberg.
Source: ThunderSpy via Wired