More worrying still, the threat remains valid even if the machine is in sleep mode or locked, Secure Boot is set up, strong BIOS and operating system account passwords are in use, and full disk encryption is enabled. The exploit leaves no trace, requires no phishing, can steal data from encrypted drives, and takes only 5 minutes to complete.
Researchers named the vulnerabilities Thunderspy. Because they are hardware-level vulnerabilities, they can be exploited with only a few hundred dollars of equipment, including an SPI encoder and a Thunderbolt peripheral worth $200. So how can users defend their machines against attackers? Security researchers have supplied some recommendations:
- Use the free, open-source tool Spycheck to verify whether or not you are under Thunderspy attack.
- Only connect your own Thunderbolt peripherals; don't lend them to anyone.
- Avoid leaving your system unattended while powered on, even when screenlocked.
- Avoid leaving your Thunderbolt peripherals unattended.
- Ensure appropriate physical security when storing your system and any Thunderbolt devices, including Thunderbolt-powered displays.
- Consider using hibernation (Suspend-to-Disk) or powering off the system completely. Specifically, avoid using sleep mode (Suspend-to-RAM).
However, if you do not intend to use Thunderbolt, security researchers recommend disabling the Thunderbolt controller entirely in UEFI (BIOS). Note that this renders all Thunderbolt ports inoperable, including their USB and DisplayPort connectivity, although USB-C charging will most likely keep working.
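
The sleep-mode and controller recommendations above can be checked on a machine. The following is an added example, not code from the researchers or from Spycheck. It assumes a Linux system that exposes the standard `/sys/power/state`, `/sys/power/mem_sleep` and `/sys/bus/thunderbolt/devices` entries; the finding names are hypothetical labels chosen for this sketch.

```python
from pathlib import Path


def _read(path):
    """Return a sysfs attribute's text, or '' if it is absent or unreadable."""
    try:
        return path.read_text().strip()
    except OSError:
        return ""


def audit(sysfs_root="/sys"):
    """Check a Linux host against the sleep/controller recommendations.

    Returns a list of (finding, message) tuples; an empty list means that
    nothing was flagged. The finding names are hypothetical labels.
    """
    root = Path(sysfs_root)
    findings = []

    # A Thunderbolt controller visible to the kernel shows up as domainN.
    # Caveat: no domain can also mean the driver is simply not loaded.
    tb_dir = root / "bus" / "thunderbolt" / "devices"
    domains = sorted(p.name for p in tb_dir.glob("domain*")) if tb_dir.is_dir() else []
    if domains:
        findings.append(("thunderbolt-enabled",
                         "controller active (%s); disable it in UEFI if unused"
                         % ", ".join(domains)))

    # /sys/power/state lists supported sleep states, e.g. "freeze mem disk".
    states = _read(root / "power" / "state").split()
    # /sys/power/mem_sleep marks the mode used for "mem" in brackets,
    # e.g. "s2idle [deep]", where "deep" is Suspend-to-RAM.
    modes = _read(root / "power" / "mem_sleep").split()
    selected = next((m.strip("[]") for m in modes if m.startswith("[")), None)

    if "mem" in states:
        findings.append(("sleep-available",
                         "sleep is offered (mem_sleep mode: %s); "
                         "prefer hibernation or power off" % selected))
    if "disk" not in states:
        findings.append(("no-hibernate",
                         "hibernation (Suspend-to-Disk) is not available; "
                         "power off instead of sleeping"))
    return findings


if __name__ == "__main__":
    for name, message in audit():
        print("[%s] %s" % (name, message))
```

An empty result only reflects what the kernel exposes; the firmware setting itself still has to be confirmed in the UEFI setup screen.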