Thunderbolt devices set as "trusted" for a target computer contain a 64-bit code that Ruytenberg found he could access and copy from one gadget to another. That way he could bypass a target device's lock screen without even opening the case. "There's no real cryptography involved here," Ruytenberg says. "And that's pretty much it." That version of the Thunderspy attack only works, however, when the Thunderbolt port's security settings are configured to their default setting of allowing trusted devices. Ruytenberg shared his findings with Intel three months ago. When WIRED reached out to the company, it responded in a blog post noting, as the researchers had, that Kernel DMA Protections prevent the attack.
Ruytenberg says there's also a less invasive version of his Thunderspy attack, but it requires access to a Thunderbolt peripheral the user has plugged into their computer at some point. "All of this can be done in under five minutes."
"All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop," says Ruytenberg, who plans to present his Thunderspy research at the Black Hat security conference this summer, or the virtual conference that may replace it.
Security paranoiacs have warned for years that any laptop left alone with a hacker for more than a few minutes should be considered compromised. Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: the Intel Thunderbolt port found in millions of PCs. On Sunday, Eindhoven University of Technology researcher Björn Ruytenberg revealed the details of a new attack method he's calling Thunderspy. On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer, and even its hard disk encryption, to gain full access to the computer's data. And while his attack in many cases requires opening a target laptop's case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes. That opens a new avenue to what the security industry calls an "evil maid attack," the threat of any hacker who can get alone time with a computer in, say, a hotel room. Ruytenberg says there's no easy software fix, only disabling the Thunderbolt port altogether.