Laptops get stolen, which is why we’re told to use strong passwords and encrypt our data. But if your machine has a Thunderbolt port, neither of those safety measures will protect your data from a hacker using Thunderspy.
As Engadget reports, MSc student Björn Ruytenberg, who specializes in Information Security, has shared details of a technique that can be used to steal data from any device with a Thunderbolt port. It doesn’t matter if the computer is locked or sleeping, or if the storage drive is encrypted: the data is susceptible to this hack.
The method is called Thunderspy, and it requires physical access to the target device. As the accompanying video shows, it takes only five minutes to grab the data off a machine.
In total, Ruytenberg discovered seven vulnerabilities that can break all primary security on Thunderbolt 1, 2, and 3 ports, meaning all Thunderbolt-equipped systems shipped since 2011 are susceptible. Using those seven vulnerabilities, nine “practical exploitation scenarios” have been discovered. If that wasn’t bad enough, Ruytenberg claims the vulnerabilities can’t be patched out in software and “impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign.”
If your system includes Kernel DMA Protection for Thunderbolt 3, which protects against Direct Memory Access (DMA) attacks, Ruytenberg says you are partially protected from some of the vulnerabilities. However, such protection has only been available since last year. As to whether Intel intends to address all the vulnerabilities, Ruytenberg says the company has no plans to do so, and its “decision not to mitigate the Thunderspy vulnerabilities on in-market systems remains unknown.”
If you want to confirm your system is vulnerable to Thunderspy, Ruytenberg is offering a Spycheck tool for Windows and Linux users. However, the only way to truly protect your system against Thunderspy is to disable the Thunderbolt controller entirely in the UEFI BIOS. If you use Thunderbolt peripherals, though, then the only defense is a set of commonsense protections. It’s a different story for Mac users, with Apple telling Ruytenberg, “Some of the hardware security features you outlined are only available when users run macOS. If users are concerned about any of the issues in your paper, we recommend that they use macOS.”
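For Linux machines, the Kernel DMA Protection and "disable the controller" points above can be checked from the shell. The script below is an added example, not Spycheck and not Ruytenberg's code. It assumes the kernel thunderbolt driver's sysfs attributes `security` and `iommu_dma_protection`, and treats the latter as the Linux-side signal for Kernel DMA Protection; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Spycheck): read the Linux Thunderbolt sysfs attributes.
# Assumes the kernel thunderbolt driver's domainN/security and
# domainN/iommu_dma_protection files; the latter is missing on older kernels.

# verdict_for DIR: "partial" when the IOMMU guards Thunderbolt DMA (treated
# here as the article's Kernel DMA Protection), otherwise "exposed", because
# the security level alone is what Thunderspy defeats.
verdict_for() {
    if [ "$(cat "$1/iommu_dma_protection" 2>/dev/null)" = "1" ]; then
        echo partial
    else
        echo exposed
    fi
}

# tb_dma_report [ROOT]: one line per Thunderbolt domain under ROOT.
# Returns 1 if any domain is "exposed", 0 otherwise.
tb_dma_report() {
    tb_root=${1:-/sys/bus/thunderbolt/devices}
    tb_seen=0
    tb_rc=0
    for tb_dir in "$tb_root"/domain*; do
        [ -d "$tb_dir" ] || continue
        tb_seen=1
        tb_sec=$(cat "$tb_dir/security" 2>/dev/null) || tb_sec=unknown
        tb_verdict=$(verdict_for "$tb_dir")
        [ "$tb_verdict" = "partial" ] || tb_rc=1
        echo "${tb_dir##*/} security=$tb_sec verdict=$tb_verdict"
    done
    # No domain: the kernel sees no controller (for example it is disabled
    # in firmware, or the driver is not loaded).
    [ "$tb_seen" -eq 1 ] || echo "no-thunderbolt-domain"
    return "$tb_rc"
}

# Constructed sample tree standing in for /sys/bus/thunderbolt/devices.
demo=$(mktemp -d)
mkdir -p "$demo/domain0" "$demo/domain1"
echo user > "$demo/domain0/security"
echo 1 > "$demo/domain0/iommu_dma_protection"
echo secure > "$demo/domain1/security"   # older kernel: no IOMMU attribute
tb_dma_report "$demo" || echo "at least one domain relies on security levels only"
rm -rf "$demo"
```

Run `tb_dma_report` with no argument to inspect the real sysfs tree; a "partial" verdict matches the article's point that Kernel DMA Protection covers only some of the vulnerabilities.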