Thunderbolt ports may put your PC in jeopardy, but only if you leave it alone with a capable and well-prepared hacker.
That’s according to security researcher Björn Ruytenberg from the Eindhoven University of Technology, who outlined seven vulnerabilities in Thunderbolt, collectively called Thunderspy, in a recent paper (via Wired). The vulnerabilities are serious — a hacker who knows what they are doing could gain full access to data on a laptop that’s locked and encrypted.
Laptops made before 2019 with Thunderbolt ports running Windows and Linux are vulnerable. Macs built before 2019 are a little safer, as an attacker would have to use another attack in conjunction with Thunderspy to gain access. The researcher claims the bugs cannot be fixed via a software update.
Pulling off the attack isn’t easy, though. The hacker needs physical access to the machine, so they can unscrew it and attach a device to it (see Ruytenberg’s video below).
[embedded content]
Thunderbolt is a practical hardware interface as it allows for high-speed data transfer as well as charging, and it’s compatible with USB-C. It was first introduced on Apple’s MacBook Pro in 2011.
Thunderbolt is Intel’s standard, and the company issued a response Sunday, claiming that a new security scheme called Kernel Direct Memory Access (DMA) has been implemented since 2019, protecting from these types of attacks. In his paper, Ruytenberg says that “systems supporting Kernel DMA Protection in place of Security Levels, released from 2019 onward, are currently subject to further investigation.”
Thunderbolt came under scrutiny in 2019, when security experts outlined a number of security vulnerabilities under the collective name Thunderclap, which also allow attackers with physical access to a PC to compromise its security. It’s worth noting that Microsoft’s recently launched Surface devices do not support Thunderbolt, allegedly due to security concerns.