While many computer makers have been more than eager to adopt Thunderbolt to their computers, Microsoft has remained as one of the few that have not, citing security issues as one of the reasons why. It turns out that Microsoft’s concerns are indeed valid, especially with a new Thunderbolt security flaw discovered that could leave millions of PCs vulnerable.This is according to a discovery by Eindhoven University of Technology researcher Björn Ruytenberg, where he found a flaw in Thunderbolt that would allow an attacker to gain full access to the computer’s data, even bypassing the hard disk encryption in the process, and the scary thing is that it takes just five minutes to pull off.
Before you start getting worried, it should be noted that this hack/attack isn’t exactly easy to pull off. While a skilled hacker could take about 5 minutes, it will require physical access to your computer or laptop, and it will also require them to unscrew it. This means that if you keep your laptop on your person at all times, there is a good chance that you will never fall prey to this attack.
According to Ruytenberg who dubbed the attack method “Thunderspy”, “All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop. All of this can be done in under five minutes.”