Security researchers have a found security flaws in the popular Thunderbolt port. If exploited, attackers could access the contents of a locked devices’ hard drive within minutes, even if it is locked, password protected or has an encrypted hard drive.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Although the vulnerabilities found in Thunderbolt are serious, the likelihood that they will be exploited is relatively low since they need physical access. With most of the world still working remotely and conferences and trade shows being held virtually, we have more time to react. Organizations should have their company laptops and cellphones enrolled in Remote Device Management so that if a device is lost or stolen, an employee can report it and the device can be wiped remotely.
Additionally, physical security is an absolute must for any devices affected. Since the vulnerabilities can be exploited even if the device is locked, password protected or has an encrypted hard drive, organizations should consider using hibernation (suspend-to-disk) or powering the system off completely vs. sleep mode (suspend-to-RAM) to ensure devices are protected.
My advice to the consumer is that if your device has Thunderbolt capability, but you do not use or need the ports, you can disable the Thunderbolt controller completely in UEFI (BIOS) to disable the ports.