Major computer bug means millions could be at risk of hack, security expert warns
Flaw can be exploited within minutes and users would not even know it had happened, researchers warn
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A major bug in the Thunderbolt ports used in computers allows a hacker access to the protected files they store, security researchers say.
The bug would allow a hacker to access the contents of a laptop within minutes, they say.
To use the hack, an attacker would need physical access to the device. But that device could be locked, encrypted and secured with a password, and a hacker would still be able to read what was contained on it, according to the Eindhoven University of Technology researchers who discovered the bug.
The researchers caution that the attack is stealthy, meaning that people affected by the bug would not even be able to find any trace of it. A computer's owner does not need ton do anything to be hit by it and it can get around even sophisticated security protections.
Called "Thunderspy", the attack takes advantage of a problem in the Thunderbolt port used on many modern laptops and desktop computers. That port is intended to allow quick transfer of files between computers – but it does so in part because it has easier access to some of the central parts of the computer's architecture, which can serve as an advantage to hackers.
The researchers who discovered the bug have established a special website, also named Thunderspy, which includes a tool to check whether a given computer is vulnerable. If it is, it will give advice on how to protect against the bug – though putting those protections in place is somewhat convoluted.
Björn Ruytenberg, who found the issue, posted a video in which he shows how quickly and simply the attack could be exploited. In just a few minutes, he is able to remove the backplate from the laptop, attaches a relatively cheap device to the inside, and is then able to log in as normal.
A hacker could use the same technique on a laptop that was found inside of a hotel, for instance, the researchers noted. The technology required costs just a few hundred dollars and is relatively small, they said.
Thunderbolt-maker Intel recognised the flaw, and said that it had protected against it with an update to operating systems that came out earlier this year. But security researchers said that update had not been applied on all hardware, and Wired reported that computers from Dell, HP and Lenovo were all still affected by the bug.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments