TECH

Thunderbolt Flaw Allows Your Data to Be Stolen in 5 Minutes

Laptops get stolen, which is why we're told to use strong passwords and encrypt our data. But if your machine has a Thunderbolt port, neither of those safety measures will protect your data from a hacker using Thunderspy.
As Engadget reports, MSc student Björn Ruytenberg, who specializes in Information Security, has shared details of a technique that can be used to steal data from any device with a Thunderbolt port. It doesn't matter if the computer is locked, sleeping, or the storage drive encrypted, the data is susceptible to this hack.
 In total, Ruytenberg discovered seven vulnerabilities that can break all primary security on Thunderbolt 1, 2, and 3 ports, meaning all Thunderbolt-equipped systems shipped since 2011 are susceptible. Using those seven vulnerabilities, nine "practical exploitation scenarios" have been discovered. If that wasn't bad enough, Ruytenberg claims the vulnerabilities can't be patched out in software and, "impact future standards such as USB 4 and Thunderbolt 4, and will require a silicon redesign."
If your system includes Kernel DMA Protection for Thunderbolt 3, which protects against Direct Memory Access (DMA) attacks, Ruytenberg says you are partially protected from some of the vulnerabilities. However, such protection has only been available since last year. As to whether Intel intends to address all the vulnerabilities, Ruytenberg says the company has no plans to do so, and its "decision not to mitigate the Thunderspy vulnerabilities on in-market systems remains unknown."
Intel's public response ties up with what Ruytenberg says, with a spokesperson stating "This attack could not be successfully demonstrated on systems with Kernel DMA protection enabled. As always, we encourage everyone to follow good security practices, including preventing unauthorized physical access to computers." In a recent blog post, Jerry Bryant, director of security communication in the Intel Platform Assurance and Security group, said, "While the underlying vulnerability is not new and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled." He goes on to point to Windows 10, Linux, and macOS updates to help protect users.

If you want to confirm your system is vulnerable to Thunderspy, Ruytenberg is offering a Spycheck tool for Windows and Linux users. However, the only way to truly protect your system against Thunderspy is to disable the Thunderbolt controller entirely in the UEFI BIOS. If you use Thunderbolt peripherals, though, then the only defense is a set of commonsense protections. It's a different story for Mac users, with Apple stating to Ruytenberg that, "Some of the hardware security features you outlined are only available when users run macOS. If users are concerned about any of the issues in your paper, we recommend that they use macOS."

Matthew Humphries