Login | Support
Laptop open on desk with Thunderbolt cable attached, symbolizing security vulnerabilities in Thunderbolt ports
Digital Marketing & Creative

Unfixable Thunderbolt flaws bypass computer access security

by May 18, 2020

Björn Ruytenberg, a Dutch master’s student, discovered critical vulnerabilities in thunderbolt hardware. These flaws let attackers bypass key computer security measures such as Secure Boot, login passwords, and full-disk encryption. The attack, which Ruytenberg calls Thunderspy, requires physical access to a device. It takes only five minutes to execute and leaves no trace.

Thunderbolt’s Design Enables Attacks

Intel and Apple designed Thunderbolt, which has shipped in millions of Windows, Linux, and Mac computers since 2011. The technology enables high-speed data transfers of up to 40 gigabits per second.

To achieve this speed, Thunderbolt devices use direct memory access (DMA). Researchers previously showed that DMA can be exploited to gain full control over systems.

Ruytenberg identified seven vulnerabilities in Thunderbolt’s Security Levels framework, affecting versions 1, 2, and 3. The flaws undermine Thunderbolt’s ability to authorize only trusted devices.

Exploits Demonstrate Full Compromise

Using these vulnerabilities, Ruytenberg developed nine practical exploits. He created fake Thunderbolt devices, cloned authorized ones, and gained PCIe bus access to perform DMA attacks.

He also discovered a method to permanently disable Thunderbolt security and block future firmware updates.

On Macs running Windows or Linux via Apple’s Boot Camp, its security becomes completely disabled. This makes attacks extremely easy to carry out.

Potential Risks and Mitigation

Attackers could use malicious Thunderbolt cables, USB-C adapters, or external drives to compromise most modern laptops and desktops.

Ruytenberg notified Apple and Intel. They acknowledged the flaws but indicated that fixing them likely requires a hardware redesign.

He recommends strict physical security measures:

  • Connect only your own Thunderbolt peripherals.

  • Do not lend or leave peripherals unattended.

  • Power off systems or use hibernation instead of sleep mode.

Intel introduced kernel DMA protection last year to address some vulnerabilities. However, it can reduce performance and break device compatibility when drivers lack DMA remapping support.

Future of Thunderbolt Security

It remains unclear if Intel’s new Thunderbolt 4 standard fixes these issues. USB 4, released last year, supports Thunderbolt signaling and may share similar risks.

Ruytenberg continues his research and plans to release Thunderspy Part Two. In the meantime, he published Spycheck, a free open-source tool for Windows (7, 8.x, 10) and Linux (kernel 3.6+). Spycheck helps users determine if their systems remain vulnerable.

Article courtesy: www.itnews.com.au

Tags: