In February 2020, researchers from Eindhoven University of Technology reached out to Intel with a report on Thunderbolt™, which they refer to as “Thunderspy.”
In the report, they discussed issues related to invasive physical attacks on Thunderbolt™ hosts and devices. While the underlying vulnerability is not new, and was addressed in operating system releases last year, the researchers demonstrated new potential physical attack vectors using a customized peripheral device on systems that did not have these mitigations enabled..
In 2019, major operating systems (OSes) implemented Kernel Direct Memory Access (DMA) protection to mitigate against attacks such as these. This includes Windows* (Windows 10 1803 RS4 and later), Linux* (kernel 5.x and later), and MacOS* (MacOS 10.12.4 and later). The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled. Check with your system manufacturer to determine if your system has these mitigations incorporated. For all systems, we recommend following standard security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.
For additional resources, refer to the Microsoft* article on Thunderbolt Security in Windows 10 and the corresponding article from Intel in 2019.
As part of our Security-First pledge, Intel will continue to improve the security of Thunderbolt technology, and we thank the researchers from Eindhoven University for reporting this to us.
*This article was originally posted on Technology@Intel.