Discussion in 'Article Discussion' started by bit-tech, 12 May 2020.
Personal computers and laptops are probably safe but I see this exploit being a concern for companies and institutions that have older computers and leave computers unattended for a long duration.
What are the odds of gaining physical access to an unattended PC that has Thunderbolt?
Probably more likely to win the lottery
If I were so inclined, I could walk around the office and pwn a few hundred to a thousand or so devices (depending on time available), and the same is likely true of many offices. Anyone who leaves their laptop in a hotel room unattended - or doesn't take it with therm to the bathroom when they go to shower - can be pwned (commonly known as an 'evil maid' attack). In the current climate of drop-shipping laptops to now-suddenly-remote users anyone in the postal/courier system could perform this attack on device sin transit. Somebody who swaps out or seeds malicious Type C chargers could perform this attack, etc.
You completely missed the joke about Thunderbolt being bloody rare in PCs...
(not like it matters, because if you have physical access to a PC then the number of attack vectors is near infinite anyway)
Not in the corporate/enterprise world it isn't. There has been a big push to adopt it because a) the docks are universal and not proprietary and b) they're not complete $#!£ like DispalyLink over USB docks are. Plus devices are refreshed on rolling 3-year cycles so most end up having Thunderbolt anyway.
May be tempered now that the 'hotdesks for everyone!' hype train has thoroughly derailed and smacked into the bridge of 'no shared devices due to contact biohazard'.
Separate names with a comma.