Beware the Evil Maid (Thunderspy)

Securing a computer on the internet today is hard enough. But trying to secure a computer against someone with direct physical access is a lot harder. This is the so-called “evil maid” attack: you leave your laptop in your hotel room, giving the maid unfettered access. But this can also be the “evil contractor” attack or even “evil guest” or “hacker teenager” attack. Even if your computer’s hard drive is encrypted and you have a password on your account, it may still be possible to pull data from your computer and/or install malware.


One of the most common vectors for these attacks today revolves around the now-ubiquitous Thunderbolt computer port. This Intel standard enables lightning-fast data transfers and versatile use of high-power peripherals like 4k monitors. Thunderbolt ports are usually USB-C, which has become very common on laptops (particularly Apple laptops). These are the small oval ports that don’t have a connector direction – they can be plugged in without having to flip them a particular way.

But to do this high-speed magic, Intel gave Thunderbolt intimate access to the computer’s memory. And despite recent Thunderbolt flaws being fixed, a researcher has figured out how to hack a computer via this port in just a few minutes. The bad guy just needs a few hundred dollars’ worth of common equipment and physical access. The researcher dubbed this attack Thunderspy.


What To Do (Not Much)

This hacking technique affects all Thunderbolt-equipped PCs manufactured before 2019. Though a fix is now available, it’s still not commonly implemented. You can check to see if your PC is vulnerable using the researcher’s Spycheck app for Windows (or Linux). If so, there’s no way to fix this with a software update – you would have to disable the Thunderbolt ports completely. Short of that, make sure you completely shut down you computer whenever you leave it (the vulnerability requires the computer be running, either asleep or locked).

If you own an Apple computer, you’re in good shape. All Macs are protected against this already and were never vulnerable. However, if you were to use the Bootcamp feature to run Windows or Linux on your Macbook, it would be vulnerable while in this mode.

Need practical security tips?

Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.

Don't get caught with your drawbridge down!

Scroll to Top