It’s possible to extract data from a computer via its Thunderbolt port – once you’ve got the case off, plugged in a flash programmer, and reprogrammed the controller’s firmware to grant access. This technique, dubbed Thunderspy, can be exploited even if the computer is locked or asleep, and can bypass disk encryption, and any BIOS or operating system-level passwords.

Read full article on The Register