Thunderbolt flaws affect millions of computers – even locking unattended devices won't help

Thunderbolt vulnerabilities can let attacker with physical access steal data from memory and encrypted drives.


A Dutch researcher has detailed nine attack scenarios that work against all computers with Thunderbolt shipped since 2011 and which allow an attacker with physical access to quickly steal data from encrypted drives and memory. 

Researcher Björn Ruytenberg detailed the so-called Thunderspy attacks in a report published on Sunday, warning that the attacks work even when users follow security best practice, such as locking an unattended computer, setting up Secure Boot, using strong BIOS and operating system account passwords, and enabling full disk encryption. 

Microsoft was sufficiently concerned about the vulnerability of Thunderbolt 3 to Direct Memory Access (DMA) attacks that it opted against including it in its Surface devices. Some Windows 10 OEMs have adopted Thunderbolt, while all Apple Mac computers since 2011 include Thunderbolt.  


The technology is vulnerable to this type of attack because the Thunderbolt controller – a PCIe device – has DMA, which can allow an attacker to access system memory via a connected peripheral.   

This risk was demonstrated by the Thunderclap Thunderbolt flaws disclosed in 2019, which affected Mac, Linux, and Windows devices. 

However, Ruytenberg notes that Thunderspy differs from Thunderclap, which relied on tricking users into accepting a malicious device as a trusted one. Thunderspy, on the other hand, breaks Thunderbolt hardware and protocol security.

While all Thunderbolt-equipped computers are vulnerable to Thunderspy, Intel, which develops Thunderbolt technology, says the attacks were mitigated at the operating-system level with Kernel Direct Memory Access (DMA) protection, but this technology is limited to computers sold since 2019. 

Microsoft implemented kernel DMA protection in Windows 10 version 1803 to protect against physical-access attacks using PCI devices connected to Thunderbolt 3 ports on Windows 10 devices from OEMs that have adopted Thunderbolt, including Dell, HP, and Lenovo.

The security feature allows device drivers to run in an isolated, read-only portion of kernel memory. However, Microsoft also notes that kernel DMA protection "does not protect against DMA attacks via 1394/FireWire, PCMCIA, CardBus, ExpressCard, and so on". 

Linux kernel 5.x and later and MacOS Sierra 10.12.4 and later also include kernel DMA protection. 

Intel notes that Ruytenberg hasn't demonstrated successful DMA attacks on computers with DMA protection.   

For Thunderbolt 3, Intel developed a policy management feature called Security Levels that lets admins use cryptographic authentication to whitelist PCIe connections to approved peripherals.

But Ruytenberg contends that Thunderspy "completely breaks" Intel's Security Levels because Thunderbolt suffers from inadequate firmware verification, weak device authentication and use of unauthenticated device metadata, and is vulnerable to version downgrade attacks.

Thunderbolt also allows for unauthenticated controller configurations and suffers from SPI flash interface deficiencies, while Thunderbolt security on Apple's Boot Camp for running Windows 10 on a Mac is completely missing, he found.     
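The two defences discussed above, kernel DMA protection (IOMMU-based) and the controller-enforced Security Levels, are both visible to an administrator on Linux, where the thunderbolt driver exposes them per domain under sysfs as the `security` and `iommu_dma_protection` attributes. The script below is an added example written for this article, not code from Ruytenberg's report or from Intel; it reads those two attributes and reports whether a machine's Thunderbolt ports are isolated by the IOMMU or rely only on Security Levels, the mechanism Thunderspy targets. The attribute names and their values follow the kernel's documented sysfs ABI for the thunderbolt bus; the verdict labels (`iommu-protected`, `security-level-only`, `dma-open`) are this example's own.

```shell
#!/bin/sh
# Added example (not from the article): audit the Thunderbolt Security Level and
# IOMMU-based kernel DMA protection exposed by the Linux thunderbolt driver.
# Domain directories live under /sys/bus/thunderbolt/devices/domain<N> and carry
#   security              -> none | user | secure | dponly | usbonly | nopcie
#   iommu_dma_protection  -> 1 if the IOMMU isolates tunnelled PCIe devices, else 0

# tb_domain_status DIR
#   Prints "<security-level> <dma>" for one domain directory, where <dma> is
#   on/off/unknown. Missing or unreadable attributes are reported as "unknown"
#   rather than treated as safe.
tb_domain_status() {
    dir=$1
    level=unknown
    dma=unknown
    if [ -r "$dir/security" ]; then
        level=$(cat "$dir/security")
    fi
    if [ -r "$dir/iommu_dma_protection" ]; then
        case $(cat "$dir/iommu_dma_protection") in
            1) dma=on ;;
            0) dma=off ;;
        esac
    fi
    printf '%s %s\n' "$level" "$dma"
}

# tb_assess LEVEL DMA
#   Maps the pair to a one-word verdict (labels are this example's own):
#   iommu-protected      IOMMU isolates PCIe DMA regardless of Security Level
#   dma-open             no IOMMU isolation and Security Level "none"
#   security-level-only  protection rests solely on controller-enforced levels
#   unknown              attributes could not be read
tb_assess() {
    level=$1
    dma=$2
    if [ "$dma" = on ]; then
        echo iommu-protected
        return 0
    fi
    case $level in
        none) echo dma-open ;;
        user|secure|dponly|usbonly|nopcie) echo security-level-only ;;
        *) echo unknown ;;
    esac
}

# Walk every Thunderbolt domain on this host and print one line per domain.
main() {
    for d in /sys/bus/thunderbolt/devices/domain*; do
        if [ ! -d "$d" ]; then
            echo "no thunderbolt domains found"
            return 0
        fi
        set -- $(tb_domain_status "$d")
        printf '%s: security=%s iommu_dma_protection=%s -> %s\n' \
            "$d" "$1" "$2" "$(tb_assess "$1" "$2")"
    done
}

main "$@"
```

On a host without Thunderbolt the script simply reports that no domains were found. A result of `security-level-only` is exactly the configuration the article describes as broken by Thunderspy, since the level is enforced by controller firmware rather than by the IOMMU; `iommu-protected` corresponds to the kernel DMA protection Intel cites as the mitigation.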

In light of the Thunderspy flaws, Intel has recommended people only use trusted peripherals and prevent unauthorized physical access to computers. 

The flaws would allow a so-called 'evil maid' attacker – the hypothetical hotel employee who gains physical access to an unattended computer – to undermine Intel's Security Levels controls, according to Ruytenberg.    

"In an evil-maid threat model and varying Security Levels, we demonstrate the ability to create arbitrary Thunderbolt device identities, clone user-authorized Thunderbolt devices, and finally obtain PCIe connectivity to perform DMA attacks," he writes.  

"In addition, we show unauthenticated overriding of Security Level configurations, including the ability to disable Thunderbolt security entirely, and restoring Thunderbolt connectivity if the system is restricted to exclusively passing through USB and/or DisplayPort."

He also goes on to demonstrate that an attacker can permanently disable Thunderbolt security and block all future firmware updates. 

Ruytenberg says Intel can't fix the Thunderspy flaws via a software update and that a silicon redesign will be required to address the issues. The bugs could also affect the upcoming USB 4 and Thunderbolt 4 standards.


Intel hasn't issued CVE identifiers for any of the Thunderspy vulnerabilities and does not plan to issue fixes for systems already on the market. 

"Despite our repeated efforts, the rationale to Intel's decision not to mitigate the Thunderspy vulnerabilities on in-market systems remains unknown," said Ruytenberg. 

"Given the nature of Thunderspy, however, we believe it would be reasonable to assume these cannot be fixed and require a silicon redesign. Indeed, for future systems implementing Thunderbolt technology, Intel has stated they will incorporate additional hardware protections."

Ruytenberg also notes that very few systems sold since 2019 actually support the security feature. Among models that do are the HP EliteBook and ZBook 2019 and later, Lenovo ThinkPad P53 and X1 Carbon 2019 and later, and the Lenovo Yoga C940, if it shipped with Intel's Ice Lake CPU. 

Apple also has decided against offering a fix for Thunderspy. 
