
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking - madars
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
======
madars
The research itself: [https://thunderspy.io/](https://thunderspy.io/)

------
ciupicri
Are there really millions of PCs with a Thunderbolt port? It's mostly some
NUCs and expensive laptops that have one.

~~~
fortran77
It's actually hard to get one with it. Our go-to vendor for mobos, SuperMicro,
doesn't have it on board or in an add-on card for their workstation product
line.

[https://www.supermicro.com/support/faqs/faq.cfm?faq=26987](https://www.supermicro.com/support/faqs/faq.cfm?faq=26987)

From the article

> All the evil maid needs to do is unscrew the backplate, attach a device
> momentarily, reprogram the firmware, reattach the backplate, and the evil
> maid gets full access to the laptop.

There's a lot you can do with this sort of access. The "evil maid" could also
hide a camera in the room that can see the computer's keyboard and get
passwords, etc. I wouldn't worry too much about this risk. Not too many
laptops can be quickly unscrewed and put back together these days....

