Security Software

More information on Thunderclap

In February 2019 researchers from the University of Cambridge in the United Kingdom, Rice University in Texas, and SRI International* published details and a proof of concept exploit they called "Thunderclap."

They demonstrate a direct memory access (DMA) vulnerability affecting ThunderboltTM, USB, and other peripheral devices. Using an FPGA-based hardware platform, the researchers demonstrated how a malicious peripheral device could access secret data and change system behavior on systems with USB or Thunderbolt interfaces.

As the researchers note in their whitepaper, major operating systems (OSes), including Windows* (Windows 10 1803 RS4 and later), Linux* (kernel 5.x and later), and MacOS* (MacOS 10.12.4 and later), have already released mitigations for DMA attacks. The researchers did not demonstrate successful DMA attacks against systems with these mitigations enabled.  

After careful assessment, Intel determined that this vulnerability is mitigated on most up-to-date systems that include kernel DMA protection, and by following good security practices, including the use of only trusted peripherals and preventing unauthorized physical access to computers.  

For additional resources on Thunderclap, refer to the Microsoft* blog on DMA protection for Thunderbolt technology. Existing security options for the Thunderbolt interface also allow you to whitelist trusted Thunderbolt devices to help protect your systems from malicious peripherals.

Intel will continue to improve the security of Thunderbolt technology as part of our Security First pledge.

Was this article helpful?YesNo
0% of users found this helpful

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.

Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit

Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available​ updates.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.

No product or component can be absolutely secure.

Your costs and results may vary.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.  Other names and brands may be claimed as the property of others.