Security researchers have a found security flaws in the popular Thunderbolt port. If exploited, attackers could access the contents of a locked devices’ hard drive within minutes, even if it is locked, password protected or has an encrypted hard drive.

Subscribe
Notify of
guest

1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Josh Smith
Josh Smith , Security Analyst
InfoSec Expert
May 12, 2020 4:30 pm

Although the vulnerabilities found in Thunderbolt are serious, the likelihood that they will be exploited is relatively low since they need physical access. With most of the world still working remotely and conferences and trade shows being held virtually, we have more time to react. Organizations should have their company laptops and cellphones enrolled in Remote Device Management so that if a device is lost or stolen, an employee can report it and the device can be wiped remotely.

Additionally, physical security is an absolute must for any devices affected. Since the vulnerabilities can be exploited even if the device is locked, password protected or has an encrypted hard drive, organizations should consider using hibernation (suspend-to-disk) or powering the system off completely vs. sleep mode (suspend-to-RAM) to ensure devices are protected.

My advice to the consumer is that if your device has Thunderbolt capability, but you do not use or need the ports, you can disable the Thunderbolt controller completely in UEFI (BIOS) to disable the ports.

Last edited 2 years ago by Josh Smith
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x