Devices supporting Thunderbolt are open to hacking.How to protect your data

Devices offering support to Thunderbolt peripheral and charging connectors are vulnerable to hacking, according to newly published research. If you have a computer with Thunderbolt ports, you may be at risk of a serious firmware flaw known as “Thunderspy.”

It’s a serious vulnerability, but it’s only exploitable if the attacker has physical access to your machine and enough time to open it up and carry out the attack.macOS computers are safe as long as they don’t have Windows or Linux installed via Bootcamp, as are Windows PCs that lack Thunderbolt support. There’s also a small selection of recent computers that are equipped with a specific security system from Intel known as Kernel Direct Memory Access Protection (Kernel DMA) that will prevent Thunderspy attacks.

Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS, and operating system account passwords, and enabled full disk encryption.

Thunderbolt: A Closer Look

Thunderbolt controllers can operate in either Host Mode or Endpoint Mode. In Host Mode, Thunderbolt controllers connect to the system using a bare-metal PCIe interface. Unfortunately, Kernel DMA was only introduced in 2019, which means the majority of computers with Thunderbolt-compliant USB and DisplayPort plugs are at risk.

While it’s unlikely that average users are going to be directly targeted, you should still be practicing data security while out in public.

A lot of it is pretty basic:

  • Watch your belongings and never them unattended.
  • Never let strangers use your devices.
  • If you decided to let someone you trust briefly borrow your devices, make sure to create a guest profile for them to use instead of your main account.
  • And lastly, if you’re giving away or selling your old hardware, make sure you wipe any data stored on it by performing a factory reset.

More info about the latest vulnerability you can find in Intel’s latest post.