A hacker left alone with your laptop can gain access to all your data “in under five minutes,” a Dutch researcher has discovered.
Björn Ruytenberg, a researcher at Eindhoven University of Technology, over the weekend detailed a hacking technique he uncovered which makes millions of computers vulnerable.
The “evil maid attack” — the tech industry term for hacker getting access to an unguarded computer when its owner isn’t around — is accomplished using the Thunderbolt port that is found in millions of Windows and Linux PCs.
“All the evil maid needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate, and the evil maid gets full access to the laptop,” Ruytenberg told Wired. “All of this can be done in under five minutes.”
The hacker is able to bypass all the computer’s security and encryption, and within minutes has complete access to all the computer’s data.
Ruytenberg says that the only way to avoid the vulnerability is to disable the Thunderbolt port altogether.
The researcher will be detailing his discovery at a Black Hat security conference this summer, and is releasing a tool so that people can see if their computers might be vulnerable to the hack.
Still, there is no immediate cause for alarm, hardware security researcher Karsten Nohl told the magazine, noting that an attack like that requires “a certain level of sophistication” as well as close physical access to a victim’s computer.