Beware of this security flaw if you install Windows on Mac — 2022
Whenever we think of security problems, a software bug comes to mind that leaves a door open for hackers. But recently a security investigation has uncovered a major issue with the USB-C connectors we have on Macs.
Thunderbolt 3 becomes an insecure connector
Apple made the decision to reduce the number of physical connections on its Macs to just a few USB-C ports. Although this is an almost universal connection that allows you to transfer files at high speed, the truth is that it is not the safest thing that we can use right now. And this fact is undoubtedly a big problem since this vulnerability in Thunderbolt ports, baptized as Thunderspy , affects millions of laptops that have this connection.
The researcher Björn Ruytenberg from the Technical University of Eindhoven has been responsible for discovering this vulnerability. In short, thanks to this port bug, which affects Windows or Linux computers prior to 2019 you can skip the login screen of a computer. The only thing needed to exploit this vulnerability is a screwdriver to access the inside of the computer in order to change the firmware. The great advantage of this is that when carrying out this entire process, no trace is left behind. To be able to rewrite the firmware, you simply have to have an SPI programmer with a SOP8 chip and follow the entire process that has been reflected in the following video.
But disassembly of the computer is not always required, which can be somewhat cumbersome. Simply with a Thunderbolt peripheral, previously manipulated, it can connect and infect the computer. In this simple way you can skip the login screen where our password is requested to access the desktop. This obviously is not a problem if we always have the computer at home, but if it is stolen or left unattended in a place for a long time it becomes a problem. The hacker could access the contents of the computer and the hard drive without too much trouble with basic programming skills. This is undoubtedly also ideal for those investigative agencies that require access to this equipment, without asking the company. The equipment costs a 600 dollars but if you dedicate yourself to this, you may end up getting the most out of it.
In this case, users canuse windows on an ipadthey are the ones that can be best protected when projecting an image from a computer with this version of the operating system.
Macs can withstand this attack
Although this security flaw affects laptops with a Thunderbolt 3 port, Macs are partially safe. Thanks to Apple's own security systems, no hacker can bypass the macOS screen. The problem starts when you think aboutinstall windows on macsince in these cases you can skip the login screen as mentioned above.
But although with macOS we are sure, this flaw can be exploited to clone the identity of a device. This can open the door to many other security issues related to exploits similar to BadUSB. Among these malware you can find that theMac does not detect the hard driveamong many others. But even if we have a macOS device, which is less at risk, we must be very careful when connecting different peripherals to avoid this type of security problem.