Recently, a researcher published a proof of concept that showed him access to the contents of a locked laptop in just minutes. The core of the error comes from Thunderbolt. But while he had access to the laptop, he needed physical access, a screwdriver and parts from the shelf.
Called Thunderspy, the attack exploits the fact that Thunderbolt is a direct memory access port. Like PCI-Express and Firewire, Thunderbolt ports have access to system memory directly outside the CPU, enabling high transfer speeds. But it is also what makes them vulnerable to direct memory attacks.
As demonstrated by security researcher Björn Ruytenberg's demonstration video, by utilizing Thunderbolt's access to system memory, a hacker can access your data even when the laptop is locked and the hard drive is encrypted.
However, the attack is not simple, but the hacker must be well prepared and need access to your laptop. The hack involves removing the backplate (bottom) from a laptop and connecting a device to the motherboard to reprogram the firmware.
Although Ruytenberg claims that it is a process that he can perform in minutes, knowledge of the laptop and what is needed to remove the backplate (if at all possible) presupposes. It is unlikely that your unattended laptop would fall victim to this attack on a Starbucks, but your stolen laptop is another story.
According to Ruytenberg, the shortage is not a software problem and cannot be solved. Instead, a new redesign is necessary. Other researchers seem to be at least partially disagreeing, arguing that Windows 10's new kernel-level protection should at least partially mitigate the problem. And if you use macOS, you are also partially protected.
Rutenberg went on to say that another vector for the attack could circumvent the need to partially dismantle the unit. But in that case, the hacker would need access to a thunderstorm that was previously connected to the laptop.
It is worth mentioning that Thunderbolt's potential security vulnerability is one reason why Microsoft does not include the port on Surface devices. For now, if you are worried about this defect affecting your device, you can check on the ThunderSpy website Ruytenberg created.
Source: ThunderSpy via Wired