CATEGORIES
home News

Thunderspy Thunderbolt Security Exploit Can Steal Your Data In Minutes, Millions Of PCs Vulnerable

by Brandon HillMonday, May 11, 2020, 09:06 AM EDT
thunderbolt 3 port
There's a new hardware exploit that's being brought to light courtesy of security researcher Björn Ruytenberg from the Eindhoven University of Technology. The security vulnerability affects devices equipped with Thunderbolt ports, and it's appropriately named Thunderspy.

Before we get started, we should first let you know that while this security exploit is serious, it requires actual physical access to a device to execute. However, with that access comes unprecedented control over a device, once connected to a free Thunderbolt port. In fact, a hacker could theoretically access all data on a computer in under 5 minutes. On top of that, this data can be accessed even if the PC is locked, password protected, and has SSD/HDD encryption turned on... yikes.

Security researchers call this an "evil maid attack", which earns its name from the notion that a maid could pull off a data heist on a laptop left behind in a hotel room. Further adding to the danger of Thunderspy is that the equipment needed to create a device capable of perpetrating the attack would only cost a hacker a few hundred dollars.

Thunderspy affects Thunderbolt-equipped PCs running Windows or Linux manufactured prior to 2019. Apple Macs, which have featured Thunderbolt ports since 2011, are said to be "partially affected" by Thunderspy. Unfortunately, Ruytenberg doesn't go into further detail into what that actually means. 

For its part, Intel -- the company behind Thunderbolt technology – said in a blog post that software mitigations were put in place through Kernel Direct Access (DMA) Protection in operating systems, starting in 2019. The company notes that Windows 10 1803 RS4, Linux kernel 5.x, and macOS 10.12.4 and later have these DMA protections in place.

However, Ruytenberg claims that Kernel DMA Protection doesn't provide full mitigation from attacks, and it cannot be fully patched with software. Also, he didn't find any Dell systems with full Kernel DMA Protection support, and only a handful of Lenovo and HP systems built in 2019 or later were found to be protected. Ruytenberg goes on to state that a silicon redesign would be required and that Thunderspy could threaten future connectivity standards, including USB4 and Thunderbolt 4. 

The only way to fully prevent Thunderspy attacks is to disable your Thunderbolt ports from within BIOS according to the researcher. However, to see if your current Thunderbolt-equipped system is affected, you can use Ruytenberg's Spycheck utility for Windows or Linux.

With that being said, the revelation of Thunderspy comes just days after it was revealed that Microsoft has just said "no" to Thunderbolt 3 ports on its Surface devices, because of DMA attacks just like this that could be accomplished with a "well-prepared stick".

Updated 5/11/2010 @ 7:01pm
 Dell has reached out to us with this comment on its machines with respect to Thunderspy:

Dell Client Consumer and Commercial platforms that shipped starting in 2019 have Kernel DMA protection when SecureBoot is enabled. This offers protection from “Thunderspy” per Intel guidance.

Tags:  Intel, security, Thunderbolt, (NASDAQ:INTC), thunderbolt 3, thunderspy
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment