A researcher has discovered a flaw in Intel’s Thunderbolt port that puts the security of millions of laptops manufactured before 2019 at risk. Björn Ruytenberg of the Eindhoven University of Technology calls it “Thunderspy” and says that it lets the attacker “read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.” He claims that the only way to remedy the security flaw is to completely disable the Thunderbolt port through the computer’s BIOS.
To demonstrate the attack, Ruytenberg used a mere $400 worth of equipment that included a SOP8 chip and an SPI programmer device. Ruytenberg said that this cheap solution gives “full access to the laptop.” He added that in order to perform the attack, all that the attacker “needs to do is unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate.” This can be done within five minutes. He claimed that, with good funding, the entire setup could easily be built into a single small device.
Ruytenberg informed Intel of the security flaw in February. The company followed with a blog post explaining that the majority of users should be protected against such attacks because of an updated Thunderbolt security system called Kernel Direct Memory Access Protection. However, this update is available only on notebooks launched in 2019 and onwards. Since the exploit is effective against all devices with Thunderbolt ports, it affects notebooks going back as far as 2011.
If your device is older than 2019, i.e., your Thunderbolt port is insecure, be careful about which devices you connect to the port: only trusted devices should be plugged into it. However, this is not an over-the-air attack, so the chances that you’ll ever be attacked in this way are slim. But as we know, prevention is always better than cure!
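Rather than going by the laptop's model year, a Linux user can check directly whether the Thunderbolt controller is covered by IOMMU-based DMA protection. The following is an added example, not code from the article, Intel, or the researcher: it reads the kernel's `security` and `iommu_dma_protection` sysfs attributes for each Thunderbolt domain. The function name, the sysfs-root argument, and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report Thunderbolt DMA-protection state from Linux sysfs.
# The sysfs root is a parameter so the function can also be run against a
# constructed directory tree.
#
# Prints one line per Thunderbolt domain:
#   <domain> security=<level> iommu=<0|1|unknown> <verdict>
# Return codes:
#   0  every domain reports IOMMU DMA protection
#   1  at least one domain does not
#   2  no Thunderbolt domain present (no controller, driver not loaded,
#      or the port is disabled in firmware)
tb_dma_report() {
    local root found exposed dom name sec iommu verdict
    root="${1:-/sys/bus/thunderbolt/devices}"
    found=0
    exposed=0
    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue          # unmatched glob stays literal
        found=1
        name=$(basename "$dom")
        sec=unknown
        iommu=unknown
        # security: Thunderbolt security level (e.g. none, user, secure)
        [ -r "$dom/security" ] && sec=$(cat "$dom/security")
        # iommu_dma_protection: 1 when the IOMMU guards Thunderbolt DMA;
        # the attribute is missing on older kernels
        [ -r "$dom/iommu_dma_protection" ] && iommu=$(cat "$dom/iommu_dma_protection")
        if [ "$iommu" = "1" ]; then
            verdict=dma-protected
        else
            verdict=no-dma-protection      # treat 0 or unknown as exposed
            exposed=1
        fi
        echo "$name security=$sec iommu=$iommu $verdict"
    done
    if [ "$found" -eq 0 ]; then
        echo "no Thunderbolt domain found"
        return 2
    fi
    return "$exposed"
}
```

Call `tb_dma_report` with no argument to read the live sysfs tree. A `no-dma-protection` verdict corresponds to the case the article describes for older notebooks, where only trusted devices should be connected or the port disabled in the BIOS.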