If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called “Thunderspy.” A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. The attack, called “Thunderspy,” specifically targets Thunderbolt technology, which is a hardware interface developed by Intel (in collaboration with Apple) that allows users to consolidate data transfer, charging and video peripherals into a single connector. While Apple first introduced Thunderbolt ports on its MacBook Pro in 2011, the technology has also been widely adopted with varying PCs such as Dell, HP and Lenovo. Researchers say all Thunderbolt-equipped devices manufactured before 2019 are vulnerable — meaning that there are millions of devices at risk.
Source: Threatpost
