Cybersecurity Expert On Intel Thunderbolt Port Flaw

Following the news around researchers finding a major bug in the Thunderbolt ports made by Intel and found in millions of PC’s, chief security scientist commented below as part of our expert commenting series.

Experts Comments

May 12, 2020
Joseph Carson
Thycotic
Chief Security Scientist
The Thunderbolt flaw exposed on millions of computers is a serious issue as it allows an attacker only a matter of minutes to bypass the device security that keeps unauthorized users out. Though luckily for this attack, it does require physical access and requires visible tampering so it can only happen when an attacker is alone for several minutes with your computer. This means leaving your computer for only a few minutes gives an attacker the ability to gain access to your data, activity.....Read More
The Thunderbolt flaw exposed on millions of computers is a serious issue as it allows an attacker only a matter of minutes to bypass the device security that keeps unauthorized users out. Though luckily for this attack, it does require physical access and requires visible tampering so it can only happen when an attacker is alone for several minutes with your computer. This means leaving your computer for only a few minutes gives an attacker the ability to gain access to your data, activity and accounts. It might be worth making it a little bit more difficult and placing tamper resistant stickers over your device screws to at least make any tamper more visible, though this by itself is not full proof. Making sure to log off when you leave your device unattended makes it more difficult, though again, not impossible for the attacker to gain access. Anything you can do to force the attacker to take more time being successful for such attacks increases the risks of them getting exposed. At this time, I have not seen any evidence of this attack being used though it does raise questions to how long attackers may have known about this. Unfortunately for this attack, there is no easy fix and any vendor’s hardware exposed by this attack will need to come up with creative ideas to make it more difficult and fully resolve the vulnerability.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.