Thunderbolt has seven vulnerabilities that cannot be patched on older PCs and Laptops


Granted, you need physical access to the PC or laptop, but Thunderbolt has been shown to be vulnerable. In fact, I need to restate that: it has seven vulnerabilities. They make it possible to steal information from your computer if a hacker manages to access the port briefly.



The new findings come from research by a master's student at Eindhoven University of Technology.

"All the attacker needs is five minutes of undisturbed access to the computer, a screwdriver, and some portable hardware," the university writes on its website.

"We present Thunderspy, a series of attacks that break all primary security claims for Thunderbolt 1, 2, and 3. So far, our research has found the following vulnerabilities:

  1. Inadequate firmware verification schemes
  2. Weak device authentication scheme
  3. Use of unauthenticated device metadata
  4. Downgrade attack using backwards compatibility
  5. Use of unauthenticated controller configurations
  6. SPI flash interface deficiencies
  7. No Thunderbolt security on Boot Camp

These vulnerabilities lead to nine practical exploitation scenarios. In an evil maid threat model and varying Security Levels, we demonstrate the ability to create arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices, and finally obtain PCIe connectivity to perform DMA attacks. In addition, we show unauthenticated overriding of Security Level configurations, including the ability to disable Thunderbolt security entirely, and restoring Thunderbolt connectivity if the system is restricted to exclusively passing through USB and/or DisplayPort. We conclude with demonstrating the ability to permanently disable Thunderbolt security and block all future firmware updates.

All Thunderbolt-equipped systems shipped between 2011-2020 are vulnerable. Some systems providing Kernel DMA Protection, shipping since 2019, are partially vulnerable. The Thunderspy vulnerabilities cannot be fixed in software, impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign. Users are therefore strongly encouraged to determine whether they are affected using Spycheck, a free and open-source tool we have developed that verifies whether their systems are vulnerable to Thunderspy. If it is found to be vulnerable, Spycheck will guide users to recommendations on how to help protect their system."


  

The seven vulnerabilities have been grouped under the name Thunderspy and primarily affect Linux and Windows. It seems macOS is less vulnerable due to a separate layer of security. The vulnerabilities apply to Thunderbolt 1, 2 and 3.

Many computers built after 2011 have such a port, which is used for external hard drives, among other things. According to master's student Björn Ruytenberg, the port is not adequately protected with modern cryptographic methods. The university has contacted Intel and Apple, which makes extensive use of the Thunderbolt port. Intel points out in a blog post that certain protection software, Kernel DMA Protection, should address the issue. However, it can only be used on recent hardware from 2019 or later.

Eindhoven University of Technology offers a special tool on its website to check whether your PC or laptop can be hacked using this method.
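For Linux machines, the two settings discussed above (the Thunderbolt Security Level and Kernel DMA Protection) can be read from the kernel's thunderbolt sysfs attributes. The script below is an added example, not Spycheck and not code from the researchers. The `status` wording simply mirrors the article's statements ("partially vulnerable" with Kernel DMA Protection, "vulnerable" without), and the function names are made up for this example.

```python
"""Report Thunderbolt Security Level and Kernel DMA Protection on Linux."""
from pathlib import Path

# Values the Linux thunderbolt driver reports in each domain's `security` file.
LEVELS = {
    "none": "all devices are connected automatically",
    "user": "user must authorize each device",
    "secure": "user authorization plus key challenge",
    "dponly": "DisplayPort and USB tunnels only, no PCIe",
    "usbonly": "USB controller and DisplayPort in a dock only",
    "nopcie": "PCIe tunneling disabled in firmware",
}

def read_attr(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def audit(sysfs_root="/sys/bus/thunderbolt/devices"):
    """Return one record per Thunderbolt domain found under sysfs_root."""
    results = []
    for dom in sorted(Path(sysfs_root).glob("domain*")):
        level = read_attr(dom / "security")
        # Older kernels lack this attribute; absence means the protection
        # cannot be confirmed, so it is treated as not enabled.
        protected = read_attr(dom / "iommu_dma_protection") == "1"
        results.append({
            "domain": dom.name,
            "security": level,
            "description": LEVELS.get(level, "unknown level"),
            "kernel_dma_protection": protected,
            # Wording follows the article, not Spycheck's own logic.
            "status": "partially vulnerable" if protected else "vulnerable",
        })
    return results

if __name__ == "__main__":
    found = audit()
    if not found:
        print("No Thunderbolt domain found (no controller or driver not loaded)")
    for r in found:
        print(f"{r['domain']}: security={r['security']} ({r['description']}), "
              f"Kernel DMA Protection={'on' if r['kernel_dma_protection'] else 'off'}"
              f" -> {r['status']}")
```

A Security Level of `none` or a missing Kernel DMA Protection flag is the result to follow up on. Note that the research quoted above describes overriding the Security Level from the controller's flash, so this readout shows the current configuration only.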
